pkg:Go/kubevirt.io/kubevirt

All known vulnerabilities

• CRITICAL9.9CVE-2020-14316Privilege Escalation in kubevirt in kubevirt.io/kubevirt
  from 0, < 0.30.0
• CRITICAL9.9CVE-2020-14316Privilege Escalation in kubevirt in kubevirt.io/kubevirt
  from 0, < 0.30.0
• HIGH8.2CVE-2023-26484On a compromised node, the virt-handler service account can be used to modify all node specs
  from 0, <= 0.59.0
• HIGH7.7KubeVirt Vulnerable to Arbitrary Host File Read and Write in kubevirt.io/kubevirt
  from 0, < 1.6.1, >= 1.6.2, < 1.7.0-rc.0
• HIGH7.7KubeVirt Vulnerable to Arbitrary Host File Read and Write in kubevirt.io/kubevirt
  from 0, < 1.6.1
• MEDIUM6.5KubeVirt Arbitrary Container File Read in kubevirt.io/kubevirt
  from 0, < 1.5.3
• MEDIUM6.5KubeVirt Arbitrary Container File Read in kubevirt.io/kubevirt
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250801195231-a81b27d4600c, >= 1.6.0-rc.0, < 1.6.1
• MEDIUM6.5KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt
  from 0
• MEDIUM6.5KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt
  from 0, <= 1.2.0
• MEDIUM6.5Permissions bypass in KubeVirt in kubevirt.io/kubevirt
  from 0, < 0.26.0
• MEDIUM6.5Permissions bypass in KubeVirt in kubevirt.io/kubevirt
  from 0, < 0.26.0
• MEDIUM6.4KubeVirt Guest Agent DoS via Excessive Network Interface Reports in kubevirt.io/kubevirt
  from 0, <= 1.7.0
• MEDIUM6.4KubeVirt Guest Agent DoS via Excessive Network Interface Reports in kubevirt.io/kubevirt
  from 0
• MEDIUM5.9kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt
  from 0, <= 1.2.0
• MEDIUM5.9kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt
  from 0
• MEDIUM5.4KubeVirt's authorization mechanism improperly truncates subresource names
  from 0, <= 1.8.1
• MEDIUM5.3KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes in github.com/kubevirt/kubevirt
  from 0, < 1.7.0
• MEDIUM5.3KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation in kubevirt.io/kubevirt
  from 0, < 1.7.0-beta.0
• MEDIUM5.3KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation in kubevirt.io/kubevirt
  from 0, < 1.7.0-beta.0
• MEDIUM5.0KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes in kubevirt.io/kubevirt
  from 0, < 1.5.3
• MEDIUM5.0KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes in kubevirt.io/kubevirt
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250801202148-3ce9f41c54d0
• MEDIUM4.7KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt
  from 0, < 1.5.3
• MEDIUM4.7KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250730135146-231dc69723f3, >= 1.6.0-rc.0, < 1.6.1
• MEDIUM4.7KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt
  from 0, < 1.5.3
• MEDIUM4.7KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250730135146-231dc69723f3, >= 1.6.0-rc.0, < 1.6.1, >= 1.6.2, < 1.7.0-rc.0
• —KubeVirt vulnerable to arbitrary file read on host
  >= 0.20.0, < 0.55.1