A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/kubevirt/csi-driver(Go) | 0 | 0.0.0-202403081943-cc28dcbb0afc14 | N/A |
CVSS Metrics
