{"containers": {"cna": {"affected": [{"platforms": ["all"], "product": "Kubevirt", "vendor": "Google LLC", "versions": [{"lessThan": "0.55.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "0.56.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Oliver Brooks and James Klopchic of NCC Group"}, {"lang": "en", "value": "Diane Dubois and Roman Mohr of Google"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T15:45:12", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}], "source": {"discovery": "EXTERNAL"}, "title": "Path Traversal vulnerability in Kubevirt", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2022-1798", "STATE": "PUBLIC", "TITLE": "Path Traversal vulnerability in Kubevirt"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubevirt", "version": {"version_data": [{"platform": "all", "version_affected": "<", "version_value": "0.55.1"}, {"platform": "all", "version_affected": "<", "version_value": "0.56.0"}]}}]}, "vendor_name": "Google LLC"}]}}, "credit": [{"lang": "eng", "value": "Oliver Brooks and James Klopchic of NCC Group"}, {"lang": "eng", "value": "Diane Dubois and Roman Mohr of Google"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "refsource": "CONFIRM", "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:17:00.704Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}]}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-1798", "datePublished": "2022-09-15T15:45:12", "dateReserved": "2022-05-19T00:00:00", "dateUpdated": "2024-08-03T00:17:00.704Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "E3E349C1-0216-47B4-B160-13C5B99BC633", "versionEndExcluding": "0.55.1", "versionStartIncluding": "0.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta en KubeVirt versiones hasta 0.56 (y 0.55.1) en todas las plataformas permite a un usuario capaz de configurar el kubevirt para leer archivos arbitrarios en el sistema de archivos del host que son legibles p\u00fablicamente o que son legibles para UID 107 o GID 107. /proc/self/() no es accesible"}], "id": "CVE-2022-1798", "lastModified": "2024-11-21T06:41:29.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-15T16:15:10.107", "references": [{"source": "cve-coordination@google.com", "tags": ["Exploit", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Oliver Brooks and James Klopchic (NCC Group) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "kubernetes-nmstate-handler-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "kubevirt-v2v-conversion-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "kubevirt-vmware-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "node-maintenance-operator-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "vm-import-controller-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "vm-import-operator-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "vm-import-virtv2v-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-api:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-controller:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-handler:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-launcher:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-operator:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-api:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-controller:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-handler:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-launcher:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-operator:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-api:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-controller:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-handler:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-launcher:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-operator:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-api:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-controller:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-handler:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-launcher:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-operator:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}], "bugzilla": {"description": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "id": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from."], "name": "CVE-2022-1798", "public_date": "2022-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1798\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1798\nhttps://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"], "threat_severity": "Important"}