KubeVirt maintainers published a security advisory this autumn describing an authentication-bypass in the aggregation-layer handling inside the virt-api component that can let an attacker impersonate the Kubernetes API server and bypass RBAC when a small set of preconditions exist. Background /...
