KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| kubevirt.io/kubevirt(Go) | 0 | 1.5.3 | N/A |
| kubevirt.io/kubevirt(Go) | 1.6.0-alpha.0 | 1.6.1 | N/A |
CVSS Metrics
