Search criteria

1 vulnerability by konveyor

CVE-2021-3948 (GCVE-0-2021-3948)

Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-08-03 17:09
VLAI
Summary
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a mig-controller Affected: konveyor/mig-controller release-1.5.2, konveyor/mig-controller release-1.6.3
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mig-controller",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "konveyor/mig-controller release-1.5.2, konveyor/mig-controller release-1.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3948",
    "datePublished": "2022-02-18T00:00:00.000Z",
    "dateReserved": "2021-11-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}