CVE-2022-1798

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 15-09-2022 06:15

Last modified: - 15-09-2022 06:59

Total changes: - 1

Description

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

Common Vulnerability Scoring System (CVSS)

Attack complexity

Attack vector

Availability

Confidentiality

Integrity

Privileges required

Scope

User interaction

Base score

Exploitability score

Impact score

Verification logic

Reference

https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364

Keywords

CVE-2022-1798

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-1798

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures