CVE-2023-26484

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-26484

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26484.json

Aliases

GHSA-cp96-jpmq-xrr2

Published

2023-03-15T21:15:08Z

Modified

2023-11-29T09:55:29.681038Z

Details

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the virt-handler service account to modify the spec of a node.

References

Affected packages

Git / github.com/kubevirt/kubevirt

Affected ranges

Type: GIT
Repo: https://github.com/kubevirt/kubevirt
Events: Introduced

0The exact introduced commit is unknown

Last affected

78f5184d1794838c5fc5061f920273fb4e5283ed

Affected versions

v0.*

v0.0.1-alpha.0

v0.0.1-alpha.1

v0.0.1-alpha.2

v0.0.1-alpha.3

v0.0.1-alpha.4

v0.0.1-alpha.5

v0.0.1-alpha.6

v0.0.2

v0.0.3

v0.0.4

v0.1.0

v0.1.0-alpha

v0.10.0

v0.11.0

v0.11.1

v0.12.0

v0.12.0-alpha.0

v0.12.0-alpha.1

v0.12.0-alpha.2

v0.12.0-alpha.3

v0.13.0

v0.14.0

v0.15.0

v0.15.0-alpha.0

v0.16.0

v0.16.0-alpha.0

v0.17.0

v0.17.0-alpha.0

v0.17.0-alpha.1

v0.18.0

v0.19.0

v0.19.0-rc.0

v0.2.0

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.25.0-rc.0

v0.26.0

v0.26.0-rc.0

v0.26.1

v0.27.0

v0.27.0-rc.0

v0.28.0

v0.28.0-rc.0

v0.28.0-rc.1

v0.28.0-rc.2

v0.29.0

v0.29.0-rc.0

v0.29.0-rc.1

v0.3.0

v0.3.0-alpha.0

v0.3.0-alpha.1

v0.3.0-alpha.2

v0.3.0-alpha.3

v0.3.0-alpha.4

v0.30.0

v0.30.0-rc.0

v0.30.0-rc.1

v0.30.0-rc.2

v0.30.0-rc.3

v0.30.0-rc.4

v0.31.0

v0.31.0-rc.1

v0.32.0-rc.1

v0.33.0-rc.0

v0.34.0-rc.0

v0.35.0

v0.35.0-rc.0

v0.36.0-rc.0

v0.37.0-rc.0

v0.38.0

v0.38.0-rc.0

v0.39.0-rc.0

v0.4.0

v0.4.0-alpha.0

v0.4.0-alpha.1

v0.4.0-alpha.2

v0.4.1

v0.4.1-alpha.1

v0.4.1-alpha.2

v0.40.0-rc.0

v0.41.0-rc.0

v0.42.0

v0.42.0-rc.0

v0.43.0-rc.0

v0.43.1-rc.1

v0.44.0

v0.44.0-rc.0

v0.45.0

v0.45.0-rc.0

v0.46.0

v0.46.0-rc.0

v0.47.0-rc.0

v0.48.0

v0.48.0-rc.0

v0.49.0

v0.49.0-rc.0

v0.5.0

v0.5.0-alpha.0

v0.5.0-alpha.1

v0.5.1-alpha.1

v0.5.1-alpha.2

v0.5.1-alpha.3

v0.50.0

v0.50.0-rc.0

v0.51.0

v0.51.0-rc.0

v0.52.0

v0.52.0-rc.0

v0.53.0

v0.53.0-rc.0

v0.54.0

v0.54.0-rc.0

v0.55.0

v0.55.0-rc.0

v0.56.0-rc.0

v0.57.0

v0.57.0-rc.0

v0.58.0

v0.58.0-rc.0

v0.59.0

v0.59.0-alpha.0

v0.59.0-alpha.1

v0.59.0-alpha.2

v0.59.0-rc.0

v0.59.0-rc.1

v0.59.0-rc.2

v0.6.0

v0.6.1

v0.6.1-alpha.0

v0.7.0

v0.7.0-alpha.0

v0.7.0-alpha.1

v0.7.0-alpha.2

v0.7.0-alpha.3

v0.7.0-alpha.4

v0.7.0-alpha.5

v0.8.0

v0.8.0-alpha.0

v0.8.0-alpha.1

v0.8.0-alpha.2

v0.9.0

v0.9.0-alpha.0

v0.9.0-alpha.1

v0.9.1

v0.9.2

v0.9.3