CVE-2019-10175

2025-06-10 02:04:31 +00:00 · 2019-06-28 08:45:11 +02:00 · 2019-06-28 08:45:11 +02:00 · b5e607b736
commit b5e607b736
parent 0361e7dd8f
1 changed files with 65 additions and 4 deletions
--- a/2019/10xxx/CVE-2019-10175.json
+++ b/2019/10xxx/CVE-2019-10175.json
@ -4,15 +4,76 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-10175",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "mrehak@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "KubeVirt",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "containerized-data-importer",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "virt-cdi-cloner 1.4"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-284"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-200"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10175",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10175",
+                "refsource": "CONFIRM"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}