CVE-2024-1725

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Mar 7, 2024
Updated: May 8, 2024
CWE ID 501

Summary

CVE-2024-1725 is a recently disclosed vulnerability affecting the kubevirt-csi component in OpenShift Virtualization's Hosted Control Plane (HCP). An attacker who is already authenticated can exploit this flaw to gain root access to a worker node's volume. This is accomplished by creating a custom Persistent Volume with a name that matches that of a worker node. This vulnerability poses a significant risk, as it allows attackers to bypass intended access controls and potentially gain unauthorized access to sensitive data stored on the HCP worker nodes.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share