GHSA-m3hq-3qj8-c5fm

Source
https://github.com/advisories/GHSA-m3hq-3qj8-c5fm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-m3hq-3qj8-c5fm/GHSA-m3hq-3qj8-c5fm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m3hq-3qj8-c5fm
Aliases
  • CVE-2026-1530
Published
2026-02-02T06:30:53Z
Modified
2026-02-04T18:06:51.187916Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
Details

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.

Database specific
{
    "cwe_ids": [
        "CWE-295"
    ],
    "github_reviewed_at": "2026-02-02T21:02:03Z",
    "nvd_published_at": "2026-02-02T06:16:20Z",
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

RubyGems / fog-kubevirt

Package

Name
fog-kubevirt
Purl
pkg:gem/fog-kubevirt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.1

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.2.0
0.2.1
0.3.0
1.*
1.0.1
1.0.2
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.4.0
1.5.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-m3hq-3qj8-c5fm/GHSA-m3hq-3qj8-c5fm.json"