← Back

Containerized Data Importer

containerized_data_importer

Vendor: Kubevirt • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-10175
1Kubevirt
1Containerized Data Importer
Nov 21, 2024
Jun 28, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume C...Show more
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data.Show less
CVE-2019-3841
1Kubevirt
1Containerized Data Importer
Nov 21, 2024
Mar 25, 2019
N/A· v4
6.8 MEDIUM· v3
4.9 MEDIUM· v2
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks betw...Show more
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content.Show less