CVE-2020-14316

CWE-284 — Improper Access Control CWE-269 — Improper Privilege Management7 documents6 sources

Severity

9.9CRITICAL

EPSS

0.4%

top 39.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubevirt.io Kubevirt Kubevirt Kubevirt Redhat Openshift Virtualization

Timeline

PublishedJul 29

Latest updateJun 4

Description

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages4 packages

▶Gokubevirt.io/kubevirt< 0.30.0

▶NVDkubevirt/kubevirt0.29

▶CVEListV5kubevirtAll versions before kubevirt 0.30.

▶NVDredhat/openshift_virtualization1

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

Privilege Escalation in kubevirt in kubevirt.io/kubevirt↗2024-06-04

▶

GHSA

Privilege Escalation in kubevirt↗2024-04-24

▶

OSV

Privilege Escalation in kubevirt↗2024-04-24

▶

CVEList

CVE-2020-14316: A flaw was found in kubevirt 0↗2020-07-29

▶

📋Vendor Advisories

Red Hat

kubevirt: VMIs can be used to access host files↗2020-06-23

▶

💬Community

Bugzilla

CVE-2020-14316 kubevirt: VMIs can be used to access host files↗2020-06-19

▶