CVE-2022-1798 - Vulnerability Details

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Kubevirt	Kubevirt
Redhat	Container Native Virtualization

Configuration 1 [-]

cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Virtualization 4
kubernetes-nmstate-handler-container	cpe:/a:redhat:container_native_virtualization:4.8::el8	RHSA-2022:6890	2022-10-11T00:00:00Z
kubevirt-v2v-conversion-container	cpe:/a:redhat:container_native_virtualization:4.8::el8	RHSA-2022:6890	2022-10-11T00:00:00Z
kubevirt-vmware-container	cpe:/a:redhat:container_native_virtualization:4.8::el8	RHSA-2022:6890	2022-10-11T00:00:00Z
node-maintenance-operator-container	cpe:/a:redhat:container_native_virtualization:4.8::el8	RHSA-2022:6890	2022-10-11T00:00:00Z
vm-import-controller-container	cpe:/a:redhat:container_native_virtualization:4.8::el8	RHSA-2022:6890	2022-10-11T00:00:00Z
vm-import-operator-container	cpe:/a:redhat:container_native_virtualization:4.8::el8	RHSA-2022:6890	2022-10-11T00:00:00Z
vm-import-virtv2v-container	cpe:/a:redhat:container_native_virtualization:4.8::el8	RHSA-2022:6890	2022-10-11T00:00:00Z
RHEL-8-CNV-4.10
container-native-virtualization/virt-api:v4.10.5-3	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:6351	2022-09-06T00:00:00Z
container-native-virtualization/virt-artifacts-server:v4.10.5-3	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:6351	2022-09-06T00:00:00Z
container-native-virtualization/virt-controller:v4.10.5-3	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:6351	2022-09-06T00:00:00Z
container-native-virtualization/virt-handler:v4.10.5-3	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:6351	2022-09-06T00:00:00Z
container-native-virtualization/virt-launcher:v4.10.5-3	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:6351	2022-09-06T00:00:00Z
container-native-virtualization/virt-operator:v4.10.5-3	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:6351	2022-09-06T00:00:00Z
RHEL-8-CNV-4.11
container-native-virtualization/virt-api:v4.11.0-106	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
container-native-virtualization/virt-artifacts-server:v4.11.0-106	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
container-native-virtualization/virt-controller:v4.11.0-106	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
container-native-virtualization/virt-handler:v4.11.0-106	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
container-native-virtualization/virt-launcher:v4.11.0-106	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
container-native-virtualization/virt-operator:v4.11.0-106	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
RHEL-8-CNV-4.12
container-native-virtualization/virt-api:v4.12.0-255	cpe:/a:redhat:container_native_virtualization:4.12::el8	RHSA-2023:0408	2023-01-25T00:00:00Z
container-native-virtualization/virt-artifacts-server:v4.12.0-255	cpe:/a:redhat:container_native_virtualization:4.12::el8	RHSA-2023:0408	2023-01-25T00:00:00Z
container-native-virtualization/virt-controller:v4.12.0-255	cpe:/a:redhat:container_native_virtualization:4.12::el8	RHSA-2023:0408	2023-01-25T00:00:00Z
container-native-virtualization/virt-handler:v4.12.0-255	cpe:/a:redhat:container_native_virtualization:4.12::el8	RHSA-2023:0408	2023-01-25T00:00:00Z
container-native-virtualization/virt-launcher:v4.12.0-255	cpe:/a:redhat:container_native_virtualization:4.12::el8	RHSA-2023:0408	2023-01-25T00:00:00Z
container-native-virtualization/virt-operator:v4.12.0-255	cpe:/a:redhat:container_native_virtualization:4.12::el8	RHSA-2023:0408	2023-01-25T00:00:00Z
RHEL-8-CNV-4.9
container-native-virtualization/virt-api:v4.9.6-9	cpe:/a:redhat:container_native_virtualization:4.9::el8	RHSA-2022:6681	2022-09-22T00:00:00Z
container-native-virtualization/virt-artifacts-server:v4.9.6-9	cpe:/a:redhat:container_native_virtualization:4.9::el8	RHSA-2022:6681	2022-09-22T00:00:00Z
container-native-virtualization/virt-controller:v4.9.6-9	cpe:/a:redhat:container_native_virtualization:4.9::el8	RHSA-2022:6681	2022-09-22T00:00:00Z
container-native-virtualization/virt-handler:v4.9.6-9	cpe:/a:redhat:container_native_virtualization:4.9::el8	RHSA-2022:6681	2022-09-22T00:00:00Z
container-native-virtualization/virt-launcher:v4.9.6-9	cpe:/a:redhat:container_native_virtualization:4.9::el8	RHSA-2022:6681	2022-09-22T00:00:00Z
container-native-virtualization/virt-operator:v4.9.6-9	cpe:/a:redhat:container_native_virtualization:4.9::el8	RHSA-2022:6681	2022-09-22T00:00:00Z

References

Link	Providers
https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm
https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364
https://nvd.nist.gov/vuln/detail/CVE-2022-1798
https://www.cve.org/CVERecord?id=CVE-2022-1798

History

Mon, 21 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2022-09-15T15:45:12.000Z

Updated: 2025-04-21T13:49:58.573Z

Reserved: 2022-05-19T00:00:00.000Z

Link: CVE-2022-1798

Vulnrichment

Updated: 2024-08-03T00:17:00.704Z

NVD

Status : Modified

Published: 2022-09-15T16:15:10.107

Modified: 2024-11-21T06:41:29.633

Link: CVE-2022-1798

Redhat

Severity : Important

Publid Date: 2022-08-08T00:00:00Z

Links: CVE-2022-1798 - Bugzilla

{"containers": {"cna": {"affected": [{"platforms": ["all"], "product": "Kubevirt", "vendor": "Google LLC", "versions": [{"lessThan": "0.55.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "0.56.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Oliver Brooks and James Klopchic of NCC Group"}, {"lang": "en", "value": "Diane Dubois and Roman Mohr of Google"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T15:45:12.000Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}], "source": {"discovery": "EXTERNAL"}, "title": "Path Traversal vulnerability in Kubevirt", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2022-1798", "STATE": "PUBLIC", "TITLE": "Path Traversal vulnerability in Kubevirt"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubevirt", "version": {"version_data": [{"platform": "all", "version_affected": "<", "version_value": "0.55.1"}, {"platform": "all", "version_affected": "<", "version_value": "0.56.0"}]}}]}, "vendor_name": "Google LLC"}]}}, "credit": [{"lang": "eng", "value": "Oliver Brooks and James Klopchic of NCC Group"}, {"lang": "eng", "value": "Diane Dubois and Roman Mohr of Google"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "refsource": "CONFIRM", "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:17:00.704Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T13:39:15.451210Z", "id": "CVE-2022-1798", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T13:49:58.573Z"}}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-1798", "datePublished": "2022-09-15T15:45:12.000Z", "dateReserved": "2022-05-19T00:00:00.000Z", "dateUpdated": "2025-04-21T13:49:58.573Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:17:00.704Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-1798", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-21T13:39:15.451210Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T13:39:16.930Z"}}], "cna": {"title": "Path Traversal vulnerability in Kubevirt", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Oliver Brooks and James Klopchic of NCC Group"}, {"lang": "en", "value": "Diane Dubois and Roman Mohr of Google"}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Google LLC", "product": "Kubevirt", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.55.1", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "0.56.0", "versionType": "custom"}], "platforms": ["all"]}], "references": [{"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "tags": ["x_refsource_CONFIRM"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2022-09-15T15:45:12.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Oliver Brooks and James Klopchic of NCC Group"}, {"lang": "eng", "value": "Diane Dubois and Roman Mohr of Google"}], "impact": {"cvss": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"platform": "all", "version_value": "0.55.1", "version_affected": "<"}, {"platform": "all", "version_value": "0.56.0", "version_affected": "<"}]}, "product_name": "Kubevirt"}]}, "vendor_name": "Google LLC"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-1798", "STATE": "PUBLIC", "TITLE": "Path Traversal vulnerability in Kubevirt", "ASSIGNER": "security@google.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-1798", "state": "PUBLISHED", "dateUpdated": "2025-04-21T13:49:58.573Z", "dateReserved": "2022-05-19T00:00:00.000Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2022-09-15T15:45:12.000Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "E3E349C1-0216-47B4-B160-13C5B99BC633", "versionEndExcluding": "0.55.1", "versionStartIncluding": "0.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta en KubeVirt versiones hasta 0.56 (y 0.55.1) en todas las plataformas permite a un usuario capaz de configurar el kubevirt para leer archivos arbitrarios en el sistema de archivos del host que son legibles p\u00fablicamente o que son legibles para UID 107 o GID 107. /proc/self/() no es accesible"}], "id": "CVE-2022-1798", "lastModified": "2024-11-21T06:41:29.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-15T16:15:10.107", "references": [{"source": "cve-coordination@google.com", "tags": ["Exploit", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Oliver Brooks and James Klopchic (NCC Group) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "kubernetes-nmstate-handler-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "kubevirt-v2v-conversion-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "kubevirt-vmware-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "node-maintenance-operator-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "vm-import-controller-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "vm-import-operator-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6890", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "vm-import-virtv2v-container", "product_name": "Red Hat OpenShift Virtualization 4", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-api:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-controller:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-handler:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-launcher:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6351", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-operator:v4.10.5-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-09-06T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-api:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-controller:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-handler:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-launcher:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/virt-operator:v4.11.0-106", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-api:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-controller:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-handler:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-launcher:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:0408", "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package": "container-native-virtualization/virt-operator:v4.12.0-255", "product_name": "RHEL-8-CNV-4.12", "release_date": "2023-01-25T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-api:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-artifacts-server:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-controller:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-handler:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-launcher:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}, {"advisory": "RHSA-2022:6681", "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package": "container-native-virtualization/virt-operator:v4.9.6-9", "product_name": "RHEL-8-CNV-4.9", "release_date": "2022-09-22T00:00:00Z"}], "bugzilla": {"description": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "id": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from."], "name": "CVE-2022-1798", "public_date": "2022-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1798\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1798\nhttps://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"], "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object