RSS   Vulnerabilities for 'Containerized data importer'   RSS

2019-03-25
 
CVE-2019-3841

CWE-295
 

 
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content.

 

 >>> Vendor: Kubevirt 3 Products
Containerized-data-importer
Containerized data importer
Kubevirt


Copyright 2024, cxsecurity.com

 

Back to Top