CVE-2022-1798
- Source
- https://cve.org/CVERecord?id=CVE-2022-1798
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1798.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-1798
- Aliases
- Downstream
- Related
- Published
- 2022-09-15T15:45:12Z
- Modified
- 2026-05-12T04:06:19.066895Z
- Severity
-
- 8.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H CVSS Calculator
- Summary
- Path Traversal vulnerability in Kubevirt
- Details
-
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
- Database specific
{ "cwe_ids": [ "CWE-20" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1798.json", "cna_assigner": "Google" }- References
Affected packages
Git / github.com/kubevirt/kubevirt
Affected versions
v0.*
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.25.0-rc.0
v0.26.0
v0.26.0-rc.0
v0.26.1
v0.27.0
v0.27.0-rc.0
v0.28.0
v0.28.0-rc.0
v0.28.0-rc.1
v0.28.0-rc.2
v0.29.0
v0.29.0-rc.0
v0.29.0-rc.1
v0.30.0
v0.30.0-rc.0
v0.30.0-rc.1
v0.30.0-rc.2
v0.30.0-rc.3
v0.30.0-rc.4
v0.31.0
v0.31.0-rc.1
v0.32.0-rc.1
v0.33.0-rc.0
v0.34.0-rc.0
v0.35.0
v0.35.0-rc.0
v0.36.0-rc.0
v0.37.0-rc.0
v0.38.0
v0.38.0-rc.0
v0.39.0-rc.0
v0.40.0-rc.0
v0.41.0-rc.0
v0.42.0
v0.42.0-rc.0
v0.43.0-rc.0
v0.43.1-rc.1
v0.44.0
v0.44.0-rc.0
v0.45.0
v0.45.0-rc.0
v0.46.0
v0.46.0-rc.0
v0.47.0-rc.0
v0.48.0
v0.48.0-rc.0
v0.49.0
v0.49.0-rc.0
v0.50.0
v0.50.0-rc.0
v0.51.0
v0.51.0-rc.0
v0.52.0
v0.52.0-rc.0
v0.53.0
v0.53.0-rc.0
v0.54.0
v0.54.0-rc.0
v0.55.0
v0.55.0-rc.0