KubeVirt Role-Based Access Control Vulnerability Allowing Unauthorized Subresource Access

A vulnerability exists in KubeVirt's Role-Based Access Control (RBAC) evaluation logic, where the authorization mechanism incorrectly truncates subresource names. This flaw leads to improper permission evaluations, allowing authenticated users with certain custom roles to access subresources without authorization. Such access could result in the disclosure of sensitive information or the ability to perform actions that are not permitted. Additionally, this vulnerability may cause legitimate users to be denied access to resources.

Impact

Exploitation of this vulnerability could lead to unauthorized access to subresources, allowing for the disclosure of sensitive information or the performance of actions outside of granted permissions. It could also result in legitimate users being unjustly denied access to resources.