CVE-2020-14316

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14316

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14316.json

Aliases

GHSA-828r-r2c8-rfw3

Published

2020-07-29T19:15:14Z

Modified

2024-05-14T07:38:24.901526Z

Summary

[none]

Details

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1848951

Affected packages

Git / github.com/kubevirt/kubevirt

Affected ranges

Type: GIT
Repo: https://github.com/kubevirt/kubevirt
Events: Introduced

0The exact introduced commit is unknown

Last affected

de80e5796454a23bc144b8eaec875d139597bc4d

Affected versions

v0.*

v0.0.1-alpha.0

v0.0.1-alpha.1

v0.0.1-alpha.2

v0.0.1-alpha.3

v0.0.1-alpha.4

v0.0.1-alpha.5

v0.0.1-alpha.6

v0.0.2

v0.0.3

v0.0.4

v0.1.0

v0.1.0-alpha

v0.10.0

v0.11.0

v0.11.1

v0.12.0

v0.12.0-alpha.0

v0.12.0-alpha.1

v0.12.0-alpha.2

v0.12.0-alpha.3

v0.13.0

v0.14.0

v0.15.0

v0.15.0-alpha.0

v0.16.0

v0.16.0-alpha.0

v0.17.0

v0.17.0-alpha.0

v0.17.0-alpha.1

v0.18.0

v0.19.0

v0.19.0-rc.0

v0.2.0

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.25.0-rc.0

v0.26.0

v0.26.0-rc.0

v0.26.1

v0.27.0

v0.27.0-rc.0

v0.28.0

v0.28.0-rc.0

v0.28.0-rc.1

v0.28.0-rc.2

v0.29.0

v0.29.0-rc.0

v0.29.0-rc.1

v0.3.0

v0.3.0-alpha.0

v0.3.0-alpha.1

v0.3.0-alpha.2

v0.3.0-alpha.3

v0.3.0-alpha.4

v0.30.0

v0.30.0-rc.0

v0.30.0-rc.1

v0.30.0-rc.2

v0.30.0-rc.3

v0.30.0-rc.4

v0.31.0

v0.31.0-rc.1

v0.32.0-rc.1

v0.33.0-rc.0

v0.34.0-rc.0

v0.35.0

v0.35.0-rc.0

v0.36.0-rc.0

v0.37.0-rc.0

v0.38.0

v0.38.0-rc.0

v0.39.0-rc.0

v0.4.0

v0.4.0-alpha.0

v0.4.0-alpha.1

v0.4.0-alpha.2

v0.4.1

v0.4.1-alpha.1

v0.4.1-alpha.2

v0.40.0-rc.0

v0.41.0-rc.0

v0.42.0

v0.42.0-rc.0

v0.43.0-rc.0

v0.43.1-rc.1

v0.44.0

v0.44.0-rc.0

v0.45.0

v0.45.0-rc.0

v0.46.0

v0.46.0-rc.0

v0.47.0-rc.0

v0.48.0

v0.48.0-rc.0

v0.49.0

v0.49.0-rc.0

v0.5.0

v0.5.0-alpha.0

v0.5.0-alpha.1

v0.5.1-alpha.1

v0.5.1-alpha.2

v0.5.1-alpha.3

v0.50.0

v0.50.0-rc.0

v0.51.0

v0.51.0-rc.0

v0.52.0

v0.52.0-rc.0

v0.53.0

v0.53.0-rc.0

v0.54.0

v0.54.0-rc.0

v0.55.0

v0.55.0-rc.0

v0.56.0-rc.0

v0.57.0

v0.57.0-rc.0

v0.58.0

v0.58.0-rc.0

v0.59.0

v0.59.0-alpha.0

v0.59.0-alpha.1

v0.59.0-alpha.2

v0.59.0-rc.0

v0.59.0-rc.1

v0.59.0-rc.2

v0.59.1

v0.6.0

v0.6.1

v0.6.1-alpha.0

v0.7.0

v0.7.0-alpha.0

v0.7.0-alpha.1

v0.7.0-alpha.2

v0.7.0-alpha.3

v0.7.0-alpha.4

v0.7.0-alpha.5

v0.8.0

v0.8.0-alpha.0

v0.8.0-alpha.1

v0.8.0-alpha.2

v0.9.0

v0.9.0-alpha.0

v0.9.0-alpha.1

v0.9.1

v0.9.2

v0.9.3