TLS Certificate Validation Flaw in Kubevirt’s Data Importer Component
CVE-2019-3841

7.4 HIGH

Key Information:

Vendor
CVE Published: 25 March 2019

What is CVE-2019-3841?

Kubevirt’s virt-cdi-importer, versions 1.4.0 through 1.5.3 inclusive, disables TLS certificate validation when importing data into Persistent Volume Claims (PVCs) from container registries. A man-in-the-middle attacker can therefore intercept and alter container image content without detection. Because nothing verifies the registry's identity, images the environment treats as trusted can be manipulated, jeopardizing its integrity.
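The failure mode described above, as an added Go example that is not code from this page or from the CDI project: a client with validation disabled accepts content from an endpoint whose certificate it has no reason to trust, while a validating client refuses it and still works once the registry CA is placed in its trust pool. The local test endpoint, the payload and the function names are constructed, and using `InsecureSkipVerify` to stand in for the importer's disabled validation is an assumption, since the page does not show how validation was turned off.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// fetch GETs url with the given TLS settings and returns the body or the error.
func fetch(url string, cfg *tls.Config) (string, error) {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// demo starts a local HTTPS endpoint with a certificate no public CA signed
// (constructed stand-in for whoever answers the registry connection).
func demo() (flawedBody string, flawedErr, strictErr, pinnedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "image-layer-bytes") // constructed payload
	}))
	defer srv.Close()

	// The flaw: validation disabled, so any certificate at all is accepted.
	flawedBody, flawedErr = fetch(srv.URL, &tls.Config{InsecureSkipVerify: true})
	// Validation on, issuer not in the trust pool: the handshake is refused.
	_, strictErr = fetch(srv.URL, &tls.Config{RootCAs: x509.NewCertPool()})
	// Validation on, registry CA explicitly trusted: how to support a private CA.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	_, pinnedErr = fetch(srv.URL, &tls.Config{RootCAs: pool})
	return
}

func main() {
	body, flawedErr, strictErr, pinnedErr := demo()
	fmt.Printf("validation off: body=%q err=%v\n", body, flawedErr)
	fmt.Printf("validation on, untrusted issuer: err=%v\n", strictErr)
	fmt.Printf("validation on, CA in trust pool: err=%v\n", pinnedErr)
}
```

The third case is the relevant one for registries that use a private CA: trust is added by extending the pool, not by switching validation off.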

Affected Version(s)

kubevirt/virt-cdi-importer from 1.4.0 to 1.5.3 inclusive

References

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved