MEDIUM · 6.5

CVE-2024-1725

Vulnerability Description

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

CVSS Score

6.5

MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Redhat | Openshift Container Platform | 4.13
Redhat | Openshift Container Platform For Arm64 | 4.13
Redhat | Openshift Container Platform For Ibm Z | 4.13
Redhat | Openshift Container Platform For Linuxone | 4.13
Redhat | Openshift Container Platform For Power | 4.13

References

FAQ

What is CVE-2024-1725?

CVE-2024-1725 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

How severe is CVE-2024-1725?

CVE-2024-1725 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-1725?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform, Redhat Openshift Container Platform For Arm64, Redhat Openshift Container Platform For Ibm Z, Redhat Openshift Container Platform For Linuxone, Redhat Openshift Container Platform For Power.