Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-33394 (GCVE-0-2024-33394)
Vulnerability from cvelistv5 – Published: 2024-05-02 00:00 – Updated: 2024-08-02 02:27
VLAI?
EPSS
Summary
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
Severity ?
5.9 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubevirt:kubevirt:-:*:*:*:*:kubernetes:*:*"
],
"defaultStatus": "unknown",
"product": "kubevirt",
"vendor": "kubevirt",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T15:00:41.783976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:04.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-02T18:10:28.344095",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-33394",
"datePublished": "2024-05-02T00:00:00",
"dateReserved": "2024-04-23T00:00:00",
"dateUpdated": "2024-08-02T02:27:53.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.\"}, {\"lang\": \"es\", \"value\": \"Un problema en kubevirt kubevirt v1.2.0 y anteriores permite a un atacante local ejecutar c\\u00f3digo arbitrario mediante un comando manipulado para obtener el componente token.\"}]",
"id": "CVE-2024-33394",
"lastModified": "2024-11-21T09:16:52.647",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 3.4}]}",
"published": "2024-05-02T18:15:07.523",
"references": "[{\"url\": \"https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-33394\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-05-02T18:15:07.523\",\"lastModified\":\"2025-07-07T15:40:23.880\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.\"},{\"lang\":\"es\",\"value\":\"Un problema en kubevirt kubevirt v1.2.0 y anteriores permite a un atacante local ejecutar c\u00f3digo arbitrario mediante un comando manipulado para obtener el componente token.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.5,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*\",\"versionEndIncluding\":\"1.2.0\",\"matchCriteriaId\":\"5F9D2154-6B9C-47C2-88CE-671B68BDA05C\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-02T18:10:28.344095\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.\"}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"version\": \"n/a\", \"status\": \"affected\"}]}], \"references\": [{\"url\": \"https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b\"}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"text\", \"lang\": \"en\", \"description\": \"n/a\"}]}]}, \"adp\": [{\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33394\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-03T15:00:41.783976Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:kubevirt:kubevirt:-:*:*:*:*:kubernetes:*:*\"], \"vendor\": \"kubevirt\", \"product\": \"kubevirt\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-03T15:05:09.366Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
"cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2024-33394\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"assignerShortName\": \"mitre\", \"dateUpdated\": \"2024-06-04T17:45:04.313Z\", \"dateReserved\": \"2024-04-23T00:00:00\", \"datePublished\": \"2024-05-02T00:00:00\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2024:2318-1
Vulnerability from csaf_suse - Published: 2024-07-08 09:52 - Updated: 2024-07-08 09:52Summary
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
Notes
Title of the patch
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
Description of the patch
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Collect component Role rules under operator Role instead of
ClusterRole (bsc#1223965, CVE-2024-33394)
- Ensure procps is installed (provides ps for tests)
Containers were rebuilt against current go and maintenance updates.
Patchnames
SUSE-2024-2318,SUSE-SLE-Module-Containers-15-SP6-2024-2318,openSUSE-SLE-15.6-2024-2318
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:\n\n- Collect component Role rules under operator Role instead of\n ClusterRole (bsc#1223965, CVE-2024-33394)\n- Ensure procps is installed (provides ps for tests)\n\nContainers were rebuilt against current go and maintenance updates.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2318,SUSE-SLE-Module-Containers-15-SP6-2024-2318,openSUSE-SLE-15.6-2024-2318",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2318-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2318-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242318-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2318-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-July/035833.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223965",
"url": "https://bugzilla.suse.com/1223965"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-33394 page",
"url": "https://www.suse.com/security/cve/CVE-2024-33394/"
}
],
"title": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"tracking": {
"current_release_date": "2024-07-08T09:52:12Z",
"generator": {
"date": "2024-07-08T09:52:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2318-1",
"initial_release_date": "2024-07-08T09:52:12Z",
"revision_history": [
{
"date": "2024-07-08T09:52:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-manifests-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-tests-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-tests-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"product_id": "kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64",
"product_id": "obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.1.1-150600.5.3.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-tests-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-tests-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64"
},
"product_reference": "obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-33394"
}
],
"notes": [
{
"category": "general",
"text": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-33394",
"url": "https://www.suse.com/security/cve/CVE-2024-33394"
},
{
"category": "external",
"summary": "SUSE Bug 1223965 for CVE-2024-33394",
"url": "https://bugzilla.suse.com/1223965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.1.1-150600.5.3.2.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.1.1-150600.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-08T09:52:12Z",
"details": "moderate"
}
],
"title": "CVE-2024-33394"
}
]
}
SUSE-SU-2024:2246-1
Vulnerability from csaf_suse - Published: 2024-06-29 06:55 - Updated: 2024-06-29 06:55Summary
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
Notes
Title of the patch
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
Description of the patch
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Collect component Role rules under operator Role instead of
ClusterRole (bsc#1223965, CVE-2024-33394)
- Ensure procps is installed (provides ps for tests)
This update also rebuilds it against current go releases.
Patchnames
SUSE-2024-2246,SUSE-SLE-Micro-5.5-2024-2246,SUSE-SLE-Module-Containers-15-SP5-2024-2246,openSUSE-SLE-15.5-2024-2246
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:\n\n\n- Collect component Role rules under operator Role instead of\n ClusterRole (bsc#1223965, CVE-2024-33394)\n- Ensure procps is installed (provides ps for tests)\n\nThis update also rebuilds it against current go releases.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2246,SUSE-SLE-Micro-5.5-2024-2246,SUSE-SLE-Module-Containers-15-SP5-2024-2246,openSUSE-SLE-15.5-2024-2246",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2246-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2246-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242246-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2246-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018830.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223965",
"url": "https://bugzilla.suse.com/1223965"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-33394 page",
"url": "https://www.suse.com/security/cve/CVE-2024-33394/"
}
],
"title": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"tracking": {
"current_release_date": "2024-06-29T06:55:05Z",
"generator": {
"date": "2024-06-29T06:55:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2246-1",
"initial_release_date": "2024-06-29T06:55:05Z",
"revision_history": [
{
"date": "2024-06-29T06:55:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-pr-helper-conf-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-pr-helper-conf-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-tests-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-tests-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"product_id": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64",
"product_id": "obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-tests-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-tests-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64"
},
"product_reference": "obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-33394"
}
],
"notes": [
{
"category": "general",
"text": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-tests-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-33394",
"url": "https://www.suse.com/security/cve/CVE-2024-33394"
},
{
"category": "external",
"summary": "SUSE Bug 1223965 for CVE-2024-33394",
"url": "https://bugzilla.suse.com/1223965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-tests-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-container-disk-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-manifests-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-tests-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-api-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-controller-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-handler-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virt-operator-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64",
"openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.1-150500.8.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-29T06:55:05Z",
"details": "moderate"
}
],
"title": "CVE-2024-33394"
}
]
}
GHSA-4Q63-MR2M-57HF
Vulnerability from github – Published: 2024-05-02 18:30 – Updated: 2024-07-03 20:12
VLAI?
Summary
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Details
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
Severity ?
5.9 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "kubevirt.io/kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-33394"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-03T20:15:34Z",
"nvd_published_at": "2024-05-02T18:15:07Z",
"severity": "MODERATE"
},
"details": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.",
"id": "GHSA-4q63-mr2m-57hf",
"modified": "2024-07-03T20:12:42Z",
"published": "2024-05-02T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33394"
},
{
"type": "WEB",
"url": "https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubevirt/kubevirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "kubevirt allows a local attacker to execute arbitrary code via a crafted command "
}
GSD-2024-33394
Vulnerability from gsd - Updated: 2024-04-24 05:02Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-33394"
],
"id": "GSD-2024-33394",
"modified": "2024-04-24T05:02:09.712015Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-33394",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
FKIE_CVE-2024-33394
Vulnerability from fkie_nvd - Published: 2024-05-02 18:15 - Updated: 2025-07-07 15:40
Severity ?
Summary
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*",
"matchCriteriaId": "5F9D2154-6B9C-47C2-88CE-671B68BDA05C",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component."
},
{
"lang": "es",
"value": "Un problema en kubevirt kubevirt v1.2.0 y anteriores permite a un atacante local ejecutar c\u00f3digo arbitrario mediante un comando manipulado para obtener el componente token."
}
],
"id": "CVE-2024-33394",
"lastModified": "2025-07-07T15:40:23.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-02T18:15:07.523",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2024:14058-1
Vulnerability from csaf_opensuse - Published: 2024-06-20 00:00 - Updated: 2024-06-20 00:00Summary
kubevirt-container-disk-1.2.2-2.1 on GA media
Notes
Title of the patch
kubevirt-container-disk-1.2.2-2.1 on GA media
Description of the patch
These are all security issues fixed in the kubevirt-container-disk-1.2.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14058
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kubevirt-container-disk-1.2.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kubevirt-container-disk-1.2.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14058-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-33394 page",
"url": "https://www.suse.com/security/cve/CVE-2024-33394/"
}
],
"title": "kubevirt-container-disk-1.2.2-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-20T00:00:00Z",
"generator": {
"date": "2024-06-20T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14058-1",
"initial_release_date": "2024-06-20T00:00:00Z",
"revision_history": [
{
"date": "2024-06-20T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-container-disk-1.2.2-2.1.aarch64",
"product_id": "kubevirt-container-disk-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-manifests-1.2.2-2.1.aarch64",
"product_id": "kubevirt-manifests-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.aarch64",
"product_id": "kubevirt-pr-helper-conf-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-tests-1.2.2-2.1.aarch64",
"product_id": "kubevirt-tests-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virt-api-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virt-api-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virt-controller-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virt-controller-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virt-exportproxy-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virt-exportserver-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virt-handler-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virt-handler-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virt-launcher-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virt-operator-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virt-operator-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.2.2-2.1.aarch64",
"product": {
"name": "kubevirt-virtctl-1.2.2-2.1.aarch64",
"product_id": "kubevirt-virtctl-1.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64",
"product_id": "obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-container-disk-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-container-disk-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-manifests-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-manifests-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-tests-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-tests-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virt-api-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virt-api-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virt-controller-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virt-controller-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virt-exportserver-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virt-handler-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virt-handler-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virt-launcher-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virt-operator-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virt-operator-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.2.2-2.1.ppc64le",
"product": {
"name": "kubevirt-virtctl-1.2.2-2.1.ppc64le",
"product_id": "kubevirt-virtctl-1.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le",
"product_id": "obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-container-disk-1.2.2-2.1.s390x",
"product_id": "kubevirt-container-disk-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-manifests-1.2.2-2.1.s390x",
"product_id": "kubevirt-manifests-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.s390x",
"product_id": "kubevirt-pr-helper-conf-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-tests-1.2.2-2.1.s390x",
"product_id": "kubevirt-tests-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virt-api-1.2.2-2.1.s390x",
"product_id": "kubevirt-virt-api-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virt-controller-1.2.2-2.1.s390x",
"product_id": "kubevirt-virt-controller-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.s390x",
"product_id": "kubevirt-virt-exportproxy-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.s390x",
"product_id": "kubevirt-virt-exportserver-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virt-handler-1.2.2-2.1.s390x",
"product_id": "kubevirt-virt-handler-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.s390x",
"product_id": "kubevirt-virt-launcher-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virt-operator-1.2.2-2.1.s390x",
"product_id": "kubevirt-virt-operator-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.2.2-2.1.s390x",
"product": {
"name": "kubevirt-virtctl-1.2.2-2.1.s390x",
"product_id": "kubevirt-virtctl-1.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x",
"product_id": "obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-container-disk-1.2.2-2.1.x86_64",
"product_id": "kubevirt-container-disk-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-manifests-1.2.2-2.1.x86_64",
"product_id": "kubevirt-manifests-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.x86_64",
"product_id": "kubevirt-pr-helper-conf-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-tests-1.2.2-2.1.x86_64",
"product_id": "kubevirt-tests-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virt-api-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virt-api-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virt-controller-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virt-controller-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virt-exportproxy-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virt-exportserver-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virt-handler-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virt-handler-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virt-launcher-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virt-operator-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virt-operator-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.2.2-2.1.x86_64",
"product": {
"name": "kubevirt-virtctl-1.2.2-2.1.x86_64",
"product_id": "kubevirt-virtctl-1.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64",
"product_id": "obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-container-disk-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-container-disk-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-container-disk-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-container-disk-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-manifests-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-manifests-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-manifests-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-manifests-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-pr-helper-conf-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-pr-helper-conf-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-pr-helper-conf-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-pr-helper-conf-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-tests-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-tests-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-tests-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-tests-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virt-api-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virt-api-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virt-api-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virt-api-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virt-controller-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virt-controller-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virt-controller-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virt-controller-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virt-exportproxy-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virt-exportproxy-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportproxy-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virt-exportproxy-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virt-exportserver-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virt-exportserver-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virt-exportserver-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportserver-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virt-exportserver-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virt-handler-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virt-handler-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virt-handler-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virt-handler-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virt-launcher-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virt-launcher-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virt-launcher-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virt-launcher-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virt-operator-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virt-operator-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virt-operator-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virt-operator-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.aarch64"
},
"product_reference": "kubevirt-virtctl-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.ppc64le"
},
"product_reference": "kubevirt-virtctl-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.s390x"
},
"product_reference": "kubevirt-virtctl-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.x86_64"
},
"product_reference": "kubevirt-virtctl-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64"
},
"product_reference": "obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le"
},
"product_reference": "obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x"
},
"product_reference": "obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64"
},
"product_reference": "obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-33394"
}
],
"notes": [
{
"category": "general",
"text": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-33394",
"url": "https://www.suse.com/security/cve/CVE-2024-33394"
},
{
"category": "external",
"summary": "SUSE Bug 1223965 for CVE-2024-33394",
"url": "https://bugzilla.suse.com/1223965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-container-disk-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-manifests-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-pr-helper-conf-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-tests-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-api-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-controller-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-exportproxy-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-exportserver-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-handler-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-launcher-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virt-operator-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:kubevirt-virtctl-1.2.2-2.1.x86_64",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.aarch64",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.s390x",
"openSUSE Tumbleweed:obs-service-kubevirt_containers_meta-1.2.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-33394"
}
]
}
MSRC_CVE-2024-33394
Vulnerability from csaf_microsoft - Published: 2024-05-02 07:00 - Updated: 2025-09-03 23:00Summary
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33394 An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-33394.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.",
"tracking": {
"current_release_date": "2025-09-03T23:00:32.000Z",
"generator": {
"date": "2025-10-20T01:36:29.131Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-33394",
"initial_release_date": "2024-05-02T07:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T23:00:32.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kubevirt 1.2.0-18",
"product": {
"name": "\u003cazl3 kubevirt 1.2.0-18",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 1.2.0-18",
"product": {
"name": "azl3 kubevirt 1.2.0-18",
"product_id": "20229"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kubevirt 0.59.0-28",
"product": {
"name": "\u003ccbl2 kubevirt 0.59.0-28",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 kubevirt 0.59.0-28",
"product": {
"name": "cbl2 kubevirt 0.59.0-28",
"product_id": "19782"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kubevirt 0.59.0-30",
"product": {
"name": "\u003ccbl2 kubevirt 0.59.0-30",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 kubevirt 0.59.0-30",
"product": {
"name": "cbl2 kubevirt 0.59.0-30",
"product_id": "20390"
}
}
],
"category": "product_name",
"name": "kubevirt"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubevirt 1.2.0-18 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubevirt 1.2.0-18 as a component of Azure Linux 3.0",
"product_id": "20229-17084"
},
"product_reference": "20229",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubevirt 0.59.0-28 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubevirt 0.59.0-28 as a component of CBL Mariner 2.0",
"product_id": "19782-17086"
},
"product_reference": "19782",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubevirt 0.59.0-30 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubevirt 0.59.0-30 as a component of CBL Mariner 2.0",
"product_id": "20390-17086"
},
"product_reference": "20390",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33394",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0026#39;Code Injection\u0026#39;)"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20229-17084",
"19782-17086",
"20390-17086"
],
"known_affected": [
"17084-2",
"17086-3",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33394 An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-33394.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T23:00:32.000Z",
"details": "1.5.0-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-03T23:00:32.000Z",
"details": "0.59.0-29:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-03T23:00:32.000Z",
"details": "0.59.0-30:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"17084-2",
"17086-3",
"17086-1"
]
}
],
"title": "An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component."
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…