A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Redhat |
|
Configuration 1 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat OpenShift Container Platform 4.13 | |||
| openshift4/kubevirt-csi-driver-rhel8:v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:2047 | 2024-05-02T00:00:00Z |
| Red Hat OpenShift Container Platform 4.14 | |||
| openshift4/kubevirt-csi-driver-rhel8:v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:1891 | 2024-04-26T00:00:00Z |
| Red Hat OpenShift Container Platform 4.15 | |||
| openshift4/kubevirt-csi-driver-rhel8:v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2024:1559 | 2024-04-02T00:00:00Z |
References
History
Wed, 26 Mar 2025 05:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Tue, 11 Mar 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat openshift Container Platform
Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform For Ibm Z Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power |
|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:* |
|
| Vendors & Products |
Redhat openshift Container Platform
Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform For Ibm Z Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power |
Wed, 06 Nov 2024 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-03-07T20:09:11.616Z
Updated: 2025-08-27T12:19:44.708Z
Reserved: 2024-02-21T20:27:59.807Z
Link: CVE-2024-1725
Vulnrichment
Updated: 2024-08-01T18:48:21.831Z
NVD
Status : Modified
Published: 2024-03-07T20:15:50.690
Modified: 2025-03-26T05:15:40.107
Link: CVE-2024-1725
Redhat