What is the vulnerability ID for this KubeVirt vulnerability?

The vulnerability ID for this KubeVirt vulnerability is CVE-2022-1798.

What is the severity of CVE-2022-1798?

CVE-2022-1798 has a severity level of high.

Which versions of KubeVirt are affected by CVE-2022-1798?

CVE-2022-1798 affects KubeVirt versions up to 0.56 (and 0.55.1) on all platforms.

How does CVE-2022-1798 allow an attacker to read arbitrary files?

CVE-2022-1798 allows an attacker to read arbitrary files on the host filesystem that are publicly readable or readable for UID 107 or GID 107.

Is the /proc/self/<> path accessible in CVE-2022-1798?

No, the /proc/self/<> path is not accessible in CVE-2022-1798.

Vulnerability/
CVE-2022-1798

high

8.7

CWE

22 20

8/8/2022

15/9/2022

3/8/2024

CVE-2022-1798: Path Traversal vulnerability in Kubevirt

First published: Mon Aug 08 2022(Updated: )

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

Credit: cve-coordination@google.com

Affected Software	Affected Version	How to fix
Kubevirt Kubevirt Kubernetes	>=0.20.0<0.55.1

Remedy

https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the vulnerability ID for this KubeVirt vulnerability?
The vulnerability ID for this KubeVirt vulnerability is CVE-2022-1798.
What is the severity of CVE-2022-1798?
CVE-2022-1798 has a severity level of high.
Which versions of KubeVirt are affected by CVE-2022-1798?
CVE-2022-1798 affects KubeVirt versions up to 0.56 (and 0.55.1) on all platforms.
How does CVE-2022-1798 allow an attacker to read arbitrary files?
CVE-2022-1798 allows an attacker to read arbitrary files on the host filesystem that are publicly readable or readable for UID 107 or GID 107.
Is the /proc/self/<> path accessible in CVE-2022-1798?
No, the /proc/self/<> path is not accessible in CVE-2022-1798.

collector/redhat-cve
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-1798
agent/weakness
agent/author
agent/references
agent/remedy
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/last-modified-date
agent/tags
agent/event
vendor/kubevirt
canonical/kubevirt kubevirt kubernetes
version/kubevirt kubevirt kubernetes/0.20.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.