CVE-2024-31419 MEDIUM

CVE-2024-31419: Cnv: information disclosure through the usage of vm-dump-metrics

Vendor Red Hat
Product Red Hat OpenShift Virtualization 4
Weakness CWE-497
Published April 3, 2024
Last update November 21, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.

Key dates

02Disclosure timeline

April 3, 2024 CVE published
November 21, 2025 Record updated