CVE-2023-26484 — Incorrect Authorization in Kubevirt

CWE-863 — Incorrect Authorization6 documents6 sources

Severity

8.2HIGHNVD

EPSS

0.3%

top 47.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubevirt Kubevirt.io Kubevirt

Timeline

PublishedMar 15

Latest updateMar 16

Description

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.8

Affected Packages3 packages

▶CVEListV5kubevirt/kubevirt0.59.0

▶NVDkubevirt/kubevirt0.59.0

▶Gokubevirt.io/kubevirt0.59.0

🔴Vulnerability Details

GHSA

On a compromised node, the virt-handler service account can be used to modify all node specs↗2023-03-16

▶

OSV

On a compromised node, the virt-handler service account can be used to modify all node specs↗2023-03-16

▶

CVEList

On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs↗2023-03-15

▶

📋Vendor Advisories

Red Hat

kubevirt: Incorrect Authorization↗2023-03-15

▶

Microsoft

On a compromised KubeVirt node the virt-handler service account can be used to modify all node specs↗2023-03-14

▶