{"id":"CVE-2022-1798","details":"A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user who is able to configure KubeVirt to read arbitrary files on the host filesystem that are publicly readable or readable by UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.","modified":"2026-03-13T05:20:19.928198Z","published":"2022-09-15T16:15:10.107Z","related":["GHSA-qv98-3369-g364","SUSE-SU-2022:3321-1","SUSE-SU-2022:3333-1"],"references":[{"type":"FIX","url":"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubevirt/kubevirt","events":[{"introduced":"7ca2ed8f64c6d55be9baff93bcac8585b1a18575"},{"fixed":"280bf4114be52fdae27db0e946a8245e9dcfc6f1"}],"database_specific":{"versions":[{"introduced":"0.20.0"},{"fixed":"0.55.1"}]}}],"versions":["v0.20.0","v0.21.0","v0.22.0","v0.23.0","v0.24.0","v0.25.0","v0.25.0-rc.0","v0.26.0","v0.26.0-rc.0","v0.26.1","v0.27.0","v0.27.0-rc.0","v0.28.0","v0.28.0-rc.0","v0.28.0-rc.1","v0.28.0-rc.2","v0.29.0","v0.29.0-rc.0","v0.29.0-rc.1","v0.30.0","v0.30.0-rc.0","v0.30.0-rc.1","v0.30.0-rc.2","v0.30.0-rc.3","v0.30.0-rc.4","v0.31.0","v0.31.0-rc.1","v0.32.0-rc.1","v0.33.0-rc.0","v0.34.0-rc.0","v0.35.0","v0.35.0-rc.0","v0.36.0-rc.0","v0.37.0-rc.0","v0.38.0","v0.38.0-rc.0","v0.39.0-rc.0","v0.40.0-rc.0","v0.41.0-rc.0","v0.42.0","v0.42.0-rc.0","v0.43.0-rc.0","v0.43.1-rc.1","v0.44.0","v0.44.0-rc.0","v0.45.0","v0.45.0-rc.0","v0.46.0","v0.46.0-rc.0","v0.47.0-rc.0","v0.48.0","v0.48.0-rc.0","v0.49.0","v0.49.0-rc.0","v0.50.0","v0.50.0-rc.0","v0.51.0","v0.51.0-rc.0","v0.52.0","v0.52.0-rc.0","v0.53.0","v0.53.0-rc.0","v0.54.0","v0.54.0-rc.0","v0.55.0","v0.55.0-rc.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1798.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}]}