CNNVD-202511-778 Information
CNNVD ID
CNNVD-202511-778
Related CVE
- CNNVD Published: 2025-11-07
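Description (translated from Chinese)
KubeVirt is an open-source virtual machine manager from the KubeVirt project. KubeVirt 1.5.3 and earlier versions, and version 1.6.0, contain a trust management vulnerability. It stems from the virt-api component failing to correctly validate the CN field in client TLS certificates, which may allow RBAC controls to be bypassed.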
Description (English)
KubeVirt is an open-source virtual machine manager. KubeVirt 1.5.3 and earlier, and 1.6.0, have a trust management vulnerability, which stems from the failure of the virt-api component to correctly verify the CN field in the client TLS certificate and may result in RBAC controls being circumvented.
Hazard Level
High
Vulnerability Type
Trust management issue
Affected Vendor
KubeVirt
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b
https://github.com/kubevirt/kubevirt/security/advisories/GHSA-38jw-g2qx-4286
https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a
https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074
https://vigilance.fr/vulnerability/KubeVirt-five-vulnerabilities-dated-09-12-2025-49023
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64432