VYPR
High severityGHSA Advisory· Published Mar 7, 2024· Updated Nov 14, 2025

Kubevirt-csi: persistentvolume allows access to hcp's root node

CVE-2024-1725

Description

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/kubevirt/csi-driverGo
< 0.0.0-202403081943-cc28dcbb0afc140.0.0-202403081943-cc28dcbb0afc14

Affected products

3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.