Main Vulnerability Database SB2024070876

SB2024070876 - Privilege escalation in kubevirt

Published: July 8, 2024

Security Bulletin ID SB2024070876

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-33394)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to application does not properly impose security restrictions. A local user can obtain all secrets in the cluster and compromise it.

Remediation

Install update from vendor's website.

References

https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b