What is the vulnerability ID for this flaw?

The vulnerability ID for this flaw is CVE-2020-1701.

What software versions are affected by this vulnerability?

Versions before 0.26.0 of KubeVirt main virt-handler and Kubevirt are affected by this vulnerability.

What is the severity of CVE-2020-1701?

The severity of CVE-2020-1701 is medium.

Is there a fix available for this vulnerability?

Yes, the fix for this vulnerability is to upgrade to version 0.26.0 of KubeVirt main virt-handler.

Vulnerability/
CVE-2020-1701

medium

6.5

CWE

732

17/1/2020

27/5/2021

1/6/2021

4/8/2024

CVE-2020-1701

First published: Fri Jan 17 2020(Updated: )

A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
go/kubevirt.io/kubevirt	<0.26.0	0.26.0
redhat/kubevirt	<0.26.0	0.26.0
Kubevirt Kubevirt Kubernetes	<0.26.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2020-1701.
What software versions are affected by this vulnerability?
Versions before 0.26.0 of KubeVirt main virt-handler and Kubevirt are affected by this vulnerability.
What is the severity of CVE-2020-1701?
The severity of CVE-2020-1701 is medium.
How can an attacker exploit this vulnerability?
An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.
Is there a fix available for this vulnerability?
Yes, the fix for this vulnerability is to upgrade to version 0.26.0 of KubeVirt main virt-handler.

agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-849r-8wvp-4wwg
alias/CVE-2020-1701
agent/software-canonical-lookup
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/event
agent/description
collector/redhat-bugzilla
source/Red Hat
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
agent/softwarecombine
collector/github-advisory
agent/tags
collector/mitre-cve
source/MITRE
package-manager/go
package-manager/redhat
vendor/kubevirt
canonical/kubevirt kubevirt kubernetes

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.