x/vulndb: potential Go vuln in kubevirt.io/kubevirt: GHSA-849r-8wvp-4wwg

[GoVulnBot]

In GitHub Security Advisory GHSA-849r-8wvp-4wwg, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
kubevirt.io/kubevirt	0.26.0	< 0.26.0

Cross references:

• Module kubevirt.io/kubevirt appears in issue x/vulndb: potential Go vuln in kubevirt.io/kubevirt: CVE-2022-1798, GHSA-cvx8-ppmc-78hm #954 NOT_IMPORTABLE
• Module kubevirt.io/kubevirt appears in issue x/vulndb: potential Go vuln in kubevirt.io/kubevirt: GHSA-qv98-3369-g364 #1000 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: kubevirt.io/kubevirt
      versions:
        - fixed: 0.26.0
      vulnerable_at: 0.26.0-rc.0
      packages:
        - package: kubevirt.io/kubevirt
summary: Permissions bypass in KubeVirt in kubevirt.io/kubevirt
cves:
    - CVE-2020-1701
ghsas:
    - GHSA-849r-8wvp-4wwg
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-1701
    - report: https://github.com/kubevirt/kubevirt/issues/2967
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1792092
    - fix: https://github.com/kubevirt/containerized-data-importer/pull/1098
    - fix: https://github.com/kubevirt/kubevirt/pull/3001
    - fix: https://github.com/kubevirt/kubevirt/commit/9efa8d7388d4fe1c698c6980aa7122c06bd141be
    - advisory: https://github.com/advisories/GHSA-849r-8wvp-4wwg
source:
    id: GHSA-849r-8wvp-4wwg

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports