{ "threat_severity" : "Important", "public_date" : "2022-08-08T00:00:00Z", "bugzilla" : { "description" : "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "id" : "2117872", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, "cvss3" : { "cvss3_base_score" : "7.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-22", "details" : [ "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from." ], "acknowledgement" : "Red Hat would like to thank Oliver Brooks and James Klopchic (NCC Group) for reporting this issue.", "affected_release" : [ { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-api:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-artifacts-server:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-controller:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-handler:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-launcher:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-operator:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-api:v4.12.0-255" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-artifacts-server:v4.12.0-255" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-controller:v4.12.0-255" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-handler:v4.12.0-255" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-launcher:v4.12.0-255" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-operator:v4.12.0-255" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-09-22T00:00:00Z", "advisory" : "RHSA-2022:6681", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/virt-api:v4.9.6-9" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-09-22T00:00:00Z", "advisory" : "RHSA-2022:6681", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/virt-artifacts-server:v4.9.6-9" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-09-22T00:00:00Z", "advisory" : "RHSA-2022:6681", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/virt-controller:v4.9.6-9" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-09-22T00:00:00Z", "advisory" : "RHSA-2022:6681", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/virt-handler:v4.9.6-9" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-09-22T00:00:00Z", "advisory" : "RHSA-2022:6681", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/virt-launcher:v4.9.6-9" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-09-22T00:00:00Z", "advisory" : "RHSA-2022:6681", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/virt-operator:v4.9.6-9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-1798\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1798\nhttps://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" ], "name" : "CVE-2022-1798", "csaw" : false }