KubeVirt Main virt-handler Access Permissions Vulnerability

KubeVirt Main virt-handler Access Permissions Vulnerability

CVE-2020-1701 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.

Learn more about our Web Application Penetration Testing UK.