Moderate severityNVD Advisory· Published Sep 15, 2022· Updated Apr 21, 2025
Path Traversal vulnerability in Kubevirt
CVE-2022-1798
Description
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kubevirt.io/kubevirtGo | >= 0.20.0, < 0.55.1 | 0.55.1 |
Affected products
6- ghsa-coords5 versionspkg:golang/kubevirt.io/kubevirtpkg:rpm/opensuse/kubevirt&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kubevirt&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/kubevirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/kubevirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4
>= 0.20.0, < 0.55.1+ 4 more
- (no CPE)range: >= 0.20.0, < 0.55.1
- (no CPE)range: < 0.49.0-150300.8.13.1
- (no CPE)range: < 0.54.0-150400.3.3.2
- (no CPE)range: < 0.49.0-150300.8.13.1
- (no CPE)range: < 0.54.0-150400.3.3.2
- Google LLC/Kubevirtv5Range: unspecified
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-cvx8-ppmc-78hmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-1798ghsaADVISORY
- github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hmghsaWEB
- github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.