Vulnerability Details CVE-2024-1725
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.9%
CVSS Severity
CVSS v3 Score 6.5
References
- https://access.redhat.com/errata/RHSA-2024:1559
- https://access.redhat.com/errata/RHSA-2024:1891
- https://access.redhat.com/errata/RHSA-2024:2047
- https://access.redhat.com/security/cve/CVE-2024-1725
- https://bugzilla.redhat.com/show_bug.cgi?id=2265398
- https://access.redhat.com/errata/RHSA-2024:1559
- https://access.redhat.com/errata/RHSA-2024:1891
- https://access.redhat.com/errata/RHSA-2024:2047
- https://access.redhat.com/security/cve/CVE-2024-1725
- https://bugzilla.redhat.com/show_bug.cgi?id=2265398
Products affected by CVE-2024-1725
-
cpe:2.3:a:redhat:openshift_container_platform:4.13
-
cpe:2.3:a:redhat:openshift_container_platform:4.14
-
cpe:2.3:a:redhat:openshift_container_platform:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15