What is CVE-2023-26484?

CVE-2023-26484 is a vulnerability in KubeVirt, a virtual machine management add-on for Kubernetes, where a malicious user with control over a Kubernetes node can modify all node specs.

How does CVE-2023-26484 impact KubeVirt?

CVE-2023-26484 allows an attacker who has compromised a Kubernetes node running virt-handler to modify all node specs, potentially leading to unauthorized access and control over the Kubernetes cluster.

What is the severity of CVE-2023-26484?

CVE-2023-26484 has a severity rating of 8.2 (high).

Which versions of KubeVirt are affected by CVE-2023-26484?

Versions up to and including 0.59.0 of KubeVirt are affected by CVE-2023-26484.

How can I fix CVE-2023-26484 in KubeVirt?

To fix CVE-2023-26484, it is recommended to update KubeVirt to a version higher than 0.59.0 to mitigate the vulnerability.

Vulnerability/
CVE-2023-26484

high

8.2

CWE

863

15/3/2023

2/8/2024

CVE-2023-26484: On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs

First published: Wed Mar 15 2023(Updated: )

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Kubevirt Kubevirt Kubernetes	<=0.59.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-26484?
CVE-2023-26484 is a vulnerability in KubeVirt, a virtual machine management add-on for Kubernetes, where a malicious user with control over a Kubernetes node can modify all node specs.
How does CVE-2023-26484 impact KubeVirt?
CVE-2023-26484 allows an attacker who has compromised a Kubernetes node running virt-handler to modify all node specs, potentially leading to unauthorized access and control over the Kubernetes cluster.
What is the severity of CVE-2023-26484?
CVE-2023-26484 has a severity rating of 8.2 (high).
Which versions of KubeVirt are affected by CVE-2023-26484?
Versions up to and including 0.59.0 of KubeVirt are affected by CVE-2023-26484.
How can I fix CVE-2023-26484 in KubeVirt?
To fix CVE-2023-26484, it is recommended to update KubeVirt to a version higher than 0.59.0 to mitigate the vulnerability.

agent/references
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/author
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/last-modified-date
agent/first-publish-date
agent/event
agent/tags
vendor/kubevirt
canonical/kubevirt kubevirt kubernetes
version/kubevirt kubevirt kubernetes/0.59.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.