PT-2021-10077 · Kubevirt · Kubevirt

Published: 2021-05-27 · Updated: 2024-06-04 · CVE-2020-1701

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 0.26.0
Description: A flaw was found in the KubeVirt main virt-handler regarding access permissions, allowing an attacker with access to create VMs to attach any secret within their namespace and read its contents. This issue concerns a permissions bypass in KubeVirt.
Recommendations: For versions prior to 0.26.0, update to version 0.26.0 or later to resolve the issue. As a temporary workaround, consider restricting access to create VMs and secrets within namespaces to minimize the risk of exploitation.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2020-1701
GHSA-849R-8WVP-4WWG
GO-2024-2765

Affected Products

Kubevirt