CVE-2020-1701

Summary

A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.

Affected Software

VendorProductVersion RangeStatus
n/avirt-handlerkubevirt 0.26.0affected

Weaknesses

  • CWE-732: CWE-732

ADP Enrichment

CVE Program Container

Additional References

References