CVE-2024-31419— Cnv: information disclosure through the usage of vm-dump-metrics

CVSS 4.3 · Medium EPSS 0.14% · P34 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-31419

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cnv: information disclosure through the usage of vm-dump-metrics

Source: NVD (National Vulnerability Database)

Vulnerability Description

An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

将系统数据暴露到未授权控制的范围

Source: NVD (National Vulnerability Database)

Vulnerability Title

Red Hat OpenShift Virtualization 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Red Hat OpenShift Virtualization是美国红帽（Red Hat）公司的一个组件，允许在 OpenShift 上运行虚拟机（VM），并将容器和虚拟化资源整合在同一平台上。 Red Hat OpenShift Virtualization存在安全漏洞，该漏洞源于存在信息泄露漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Red Hat	Red Hat OpenShift Virtualization 4	-	`cpe:/a:redhat:container_native_virtualization:4`

II. Public POCs for CVE-2024-31419

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-31419

请登录查看更多情报信息。

https://access.redhat.com/security/cve/CVE-2024-31419vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2272948issue-trackingx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2024-31419

IV. Related Vulnerabilities

Same weakness: CWE-497

V. Comments for CVE-2024-31419

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-31419— Cnv: information disclosure through the usage of vm-dump-metrics

I. Basic Information for CVE-2024-31419

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-31419

III. Intelligence Information for CVE-2024-31419

IV. Related Vulnerabilities

V. Comments for CVE-2024-31419

Leave a comment