GHSA-4q63-mr2m-57hf

Source

https://github.com/advisories/GHSA-4q63-mr2m-57hf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-4q63-mr2m-57hf/GHSA-4q63-mr2m-57hf.json

Aliases

CVE-2024-33394

Published

2024-05-02T18:30:55Z

Modified

2024-05-03T20:43:32.591981Z

Summary

kubevirt allows a local attacker to execute arbitrary code via a crafted command

Details

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

References

Affected packages

Go / kubevirt.io/kubevirt

Package

Name: kubevirt.io/kubevirt

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Last affected

1.2.0