CVE-2024-1725

{"id": "CVE-2024-1725", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-03-07T20:15:50.690", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1559", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1891", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2047", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1725", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265398", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-501"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el componente kubevirt-csi del plano de control alojado (HCP) de OpenShift Virtualization. Este problema podr\u00eda permitir que un atacante autenticado obtenga acceso al volumen del nodo trabajador HCP ra\u00edz mediante la creaci\u00f3n de un volumen persistente personalizado que coincida con el nombre de un nodo trabajador."}], "lastModified": "2024-05-08T02:15:09.067", "sourceIdentifier": "secalert@redhat.com"}