CVE-2021-3948

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

Published: Feb 18, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-3948
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
konveyor / mig-controller	1.6.0	1.6.3
konveyor / mig-controller	-	1.5.2
redhat / migration_toolkit	1.0	1.0.x
redhat / migration_toolkit	1.6	1.6.x
redhat / migration_toolkit	1.5	1.5.x

https://bugzilla.redhat.com/show_bug.cgi?id=2022017

Vulnerability Database

289,599

CVE-2021-3948