1 results (0.006 seconds)
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3841
https://notcve.org/view.php?id=CVE-2019-3841
25 Mar 2019 — Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content. Se reportó que kubevirt/virt-cdi-importer, desde la versión 1.4.0 hasta la 1.5.3 ambas incluidas, deshabilitaba la validación del certificado TLS al importar dato... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3841 • CWE-295: Improper Certificate Validation •