Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-1725

UNKNOWN
Published 2024-03-07T20:09:11.616Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-1725. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
6.5
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.178
Higher than 17.8% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Description

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown Vendor

Unknown Product

Affected Versions:

a61f36c42700f54352919318ed806d1ae2d716f4
Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8
Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8
Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

kubevirt-csi: PersistentVolume allows access to HCP's root node

GHSA-fg9q-5cw2-p6r9

Advisory Details

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

Affected Packages

Go github.com/kubevirt/csi-driver
ECOSYSTEM: ≥0 <0.0.0-202403081943-cc28dcbb0afc14

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-1725
WEB https://github.com/kubevirt/csi-driver/commit/cc28dcbb0afca0a7cb8a73bc998ab49f864ed560
WEB https://access.redhat.com/errata/RHSA-2024:1559
WEB https://access.redhat.com/errata/RHSA-2024:1891
WEB https://access.redhat.com/errata/RHSA-2024:2047
WEB https://access.redhat.com/security/cve/CVE-2024-1725
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2265398
PACKAGE https://github.com/kubevirt/csi-driver
WEB https://pkg.go.dev/vuln/GO-2025-3512

Advisory provided by GitHub Security Advisory Database. Published: March 7, 2024, Modified: March 14, 2025

References

https://access.redhat.com/errata/RHSA-2024:1559
https://access.redhat.com/errata/RHSA-2024:1891
https://access.redhat.com/errata/RHSA-2024:2047
https://access.redhat.com/security/cve/CVE-2024-1725
https://bugzilla.redhat.com/show_bug.cgi?id=2265398
Published: 2024-03-07T20:09:11.616Z
Last Modified: 2025-03-26T04:52:26.156Z
Copied to clipboard!