Suggestions search

Untriaged

Filter by:

With package: kubevirt

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-6383

5.4 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

References

https://access.redhat.com/security/cve/CVE-2026-6383 vdb-entryx_refsource_REDHAT
RHBZ#2458741 issue-trackingx_refsource_REDHAT

Affected products

kubevirt

Matching in nixpkgs

pkgs.kubevirt

Client tool to use advanced features such as console access

nixos-unstable 1.8.1
- nixpkgs-unstable 1.8.1
- nixos-unstable-small 1.8.1
nixos-25.11 1.6.3
- nixos-25.11-small 1.6.3
- nixpkgs-25.11-darwin 1.6.3

Package maintainers

@johanot Johan Thomsen <write@ownrisk.dk>
@haslersn Sebastian Hasler <haslersn@fius.informatik.uni-stuttgart.de>

Permalink CVE-2025-14525

6.4 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 3 months, 4 weeks ago Activity log

Created suggestion 3 months, 4 weeks ago

Kubevirt: kubevirt: vm administration denial of service via guest agent

A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI). This allows the VM user to restrict the VM administrator's ability to manage the VM, leading to a denial of service for administrative operations.