Medium severity6.5NVD Advisory· Published May 27, 2021· Updated Jun 17, 2026
CVE-2020-1701
CVE-2020-1701
Description
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kubevirt.io/kubevirtGo | < 0.26.0 | 0.26.0 |
Affected products
2- KubeVirt/virt-handlerdescription
Patches
Vulnerability mechanics
References
7- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-849r-8wvp-4wwgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-1701ghsaADVISORY
- github.com/kubevirt/containerized-data-importer/pull/1098ghsaWEB
- github.com/kubevirt/kubevirt/commit/9efa8d7388d4fe1c698c6980aa7122c06bd141beghsaWEB
- github.com/kubevirt/kubevirt/issues/2967ghsaWEB
- github.com/kubevirt/kubevirt/pull/3001ghsaWEB
News mentions
0No linked articles in our index yet.