Aglitke

**Name of the Vulnerable Software and Affected Versions** Kubevirt/virt-cdi-importer versions 1.4.0 through 1.5.3 **Description** The issue is related to incorrect authentication of a certificate in the data import service of Kubevirt, which could allow a remote attacker to perform a man-in-the-middle attack. This attack could occur between a container registry and the virt-cdi-component, potentially leading to undetected tampering of trusted container image content. **Recommendations** For versions 1.4.0 through 1.5.3, consider disabling the TLS certificate validation disabling feature in the virt-cdi-importer until a patch is available, or restrict access to the container registries to minimize the risk of exploitation.