CVE-2020-14316

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14316

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14316.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-14316

Aliases

Published

2020-07-29T19:15:14Z

Modified

2025-01-08T06:59:01.805254Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1848951

Affected packages

Git / github.com/kubevirt/kubevirt

Affected ranges

Type: GIT
Repo: https://github.com/kubevirt/kubevirt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

de80e5796454a23bc144b8eaec875d139597bc4d

Affected versions

v0.*

v0.0.1-alpha.0

v0.0.1-alpha.1

v0.0.1-alpha.2

v0.0.1-alpha.3

v0.0.1-alpha.4

v0.0.1-alpha.5

v0.0.1-alpha.6

v0.0.2

v0.0.3

v0.0.4

v0.1.0

v0.1.0-alpha

v0.10.0

v0.11.0

v0.11.1

v0.12.0

v0.12.0-alpha.0

v0.12.0-alpha.1

v0.12.0-alpha.2

v0.12.0-alpha.3

v0.13.0

v0.14.0

v0.15.0

v0.15.0-alpha.0

v0.16.0

v0.16.0-alpha.0

v0.17.0

v0.17.0-alpha.0

v0.17.0-alpha.1

v0.18.0

v0.19.0

v0.19.0-rc.0

v0.2.0

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.25.0-rc.0

v0.26.0

v0.26.0-rc.0

v0.26.1

v0.27.0

v0.27.0-rc.0

v0.28.0

v0.28.0-rc.0

v0.28.0-rc.1

v0.28.0-rc.2

v0.29.0

v0.29.0-rc.0

v0.29.0-rc.1

v0.3.0

v0.3.0-alpha.0

v0.3.0-alpha.1

v0.3.0-alpha.2

v0.3.0-alpha.3

v0.3.0-alpha.4

v0.30.0

v0.30.0-rc.0

v0.30.0-rc.1

v0.30.0-rc.2

v0.30.0-rc.3

v0.30.0-rc.4

v0.31.0

v0.31.0-rc.1

v0.32.0-rc.1

v0.33.0-rc.0

v0.34.0-rc.0

v0.35.0

v0.35.0-rc.0

v0.36.0-rc.0

v0.37.0-rc.0

v0.38.0

v0.38.0-rc.0

v0.39.0-rc.0

v0.4.0

v0.4.0-alpha.0

v0.4.0-alpha.1

v0.4.0-alpha.2

v0.4.1

v0.4.1-alpha.1

v0.4.1-alpha.2

v0.40.0-rc.0

v0.41.0-rc.0

v0.42.0

v0.42.0-rc.0

v0.43.0-rc.0

v0.43.1-rc.1

v0.44.0

v0.44.0-rc.0

v0.45.0

v0.45.0-rc.0

v0.46.0

v0.46.0-rc.0

v0.47.0-rc.0

v0.48.0

v0.48.0-rc.0

v0.49.0

v0.49.0-rc.0

v0.5.0

v0.5.0-alpha.0

v0.5.0-alpha.1

v0.5.1-alpha.1

v0.5.1-alpha.2

v0.5.1-alpha.3

v0.50.0

v0.50.0-rc.0

v0.51.0

v0.51.0-rc.0

v0.52.0

v0.52.0-rc.0

v0.53.0

v0.53.0-rc.0

v0.54.0

v0.54.0-rc.0

v0.55.0

v0.55.0-rc.0

v0.56.0-rc.0

v0.57.0

v0.57.0-rc.0

v0.58.0

v0.58.0-rc.0

v0.59.0

v0.59.0-alpha.0

v0.59.0-alpha.1

v0.59.0-alpha.2

v0.59.0-rc.0

v0.59.0-rc.1

v0.59.0-rc.2

v0.59.1

v0.6.0

v0.6.1

v0.6.1-alpha.0

v0.7.0

v0.7.0-alpha.0

v0.7.0-alpha.1

v0.7.0-alpha.2

v0.7.0-alpha.3

v0.7.0-alpha.4

v0.7.0-alpha.5

v0.8.0

v0.8.0-alpha.0

v0.8.0-alpha.1

v0.8.0-alpha.2

v0.9.0

v0.9.0-alpha.0

v0.9.0-alpha.1

v0.9.1

v0.9.2

v0.9.3