CVE-2024-1725
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/03/2024
Last modified:
26/03/2025
Description
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHSA-2024:1559
- https://access.redhat.com/errata/RHSA-2024:1891
- https://access.redhat.com/errata/RHSA-2024:2047
- https://access.redhat.com/security/cve/CVE-2024-1725
- https://bugzilla.redhat.com/show_bug.cgi?id=2265398
- https://access.redhat.com/errata/RHSA-2024:1559
- https://access.redhat.com/errata/RHSA-2024:1891
- https://access.redhat.com/errata/RHSA-2024:2047
- https://access.redhat.com/security/cve/CVE-2024-1725
- https://bugzilla.redhat.com/show_bug.cgi?id=2265398