CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:1559
https://access.redhat.com/errata/RHSA-2024:1891
https://access.redhat.com/errata/RHSA-2024:2047
https://access.redhat.com/security/cve/CVE-2024-1725
https://bugzilla.redhat.com/show_bug.cgi?id=2265398

Configurations

No configuration.

History

08 May 2024, 02:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2047 -

26 Apr 2024, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1891 -

03 Apr 2024, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1559 -

08 Mar 2024, 14:02

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en el componente kubevirt-csi del plano de control alojado (HCP) de OpenShift Virtualization. Este problema podría permitir que un atacante autenticado obtenga acceso al volumen del nodo trabajador HCP raíz mediante la creación de un volumen persistente personalizado que coincida con el nombre de un nodo trabajador.

07 Mar 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-07 20:15

Updated : 2024-05-08 02:15

NVD link : CVE-2024-1725

Mitre link : CVE-2024-1725

CVE.ORG link : CVE-2024-1725

JSON object : View

Products Affected

No product.

CWE

CWE-501

Trust Boundary Violation

8.1 /10