A flaw was found in the KubeVirt main virt-handler versions prior to 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kubevirt kubevirt |