Skip to main content

Kubevirt CVE-2022-1798

MEDIUM
Improper Input Validation (CWE-20)
2022-09-15 cve-coordination@google.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 15, 2022 - 16:15 nvd
MEDIUM 6.5

DescriptionNVD

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

AnalysisAI

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. Affected products include: Kubevirt. Version information: up to 0.56.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-14316 CRITICAL
9.9 Jul 29

A flaw was found in kubevirt 0.29 and earlier. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploi

CVE-2023-26484 HIGH
8.2 Mar 15

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.2), this vulnerability is re

CVE-2026-13201 HIGH
7.3 Jun 24

Local privilege boundary bypass in KubeVirt's safepath package lets an attacker who controls a virt-launcher pod trick t

CVE-2026-13208 MEDIUM
6.5 Jun 24

KubeVirt's virt-handler domain notify server allows a compromised virt-launcher process to forge lifecycle events for an

CVE-2026-13318 MEDIUM
6.4 Jun 26

Server-side request forgery in KubeVirt's virt-api port-forward handler allows authenticated Kubernetes users with kubev

CVE-2024-33394 MEDIUM
5.9 May 02

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command

CVE-2026-13218 MEDIUM
4.2 Jun 26

Symlink-following in KubeVirt's virt-handler permits a container-level attacker to overwrite arbitrary host files and ch

CVE-2025-64324 HIGH POC
8.5 Nov 18

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is no

CVE-2025-64437 MEDIUM POC
5.0 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 5.0). Public exploit code av

CVE-2025-64436 MEDIUM POC
6.9 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 6.9), this vulnerability is

CVE-2025-64435 MEDIUM POC
5.3 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is

CVE-2025-64434 MEDIUM POC
4.7 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 4.7). Public exploit code av

Share

CVE-2022-1798 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy