Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3948 (GCVE-0-2021-3948)
Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-08-03 17:09
VLAI
EPSS
Summary
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | mig-controller |
Affected:
konveyor/mig-controller release-1.5.2, konveyor/mig-controller release-1.6.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mig-controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "konveyor/mig-controller release-1.5.2, konveyor/mig-controller release-1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3948",
"datePublished": "2022-02-18T00:00:00.000Z",
"dateReserved": "2021-11-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-3948",
"date": "2026-05-27",
"epss": "0.00192",
"percentile": "0.40786"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.5.2\", \"matchCriteriaId\": \"2BEBE197-19F0-4738-AE21-715296E05F63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.6.0\", \"versionEndExcluding\": \"1.6.3\", \"matchCriteriaId\": \"0AC4AD97-DD8E-4849-856D-B9264FC21F47\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7064499F-9063-4181-A26F-A3476C46CFE9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit:1.5:*:*:*:*:containers:*:*\", \"matchCriteriaId\": \"9CF0EEAC-161B-474A-A3C9-81C1A06A2243\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit:1.6:*:*:*:*:containers:*:*\", \"matchCriteriaId\": \"9D54CFEF-50FA-4696-B306-3FDC31280C61\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado una vulnerabilidad de permisos por defecto incorrectos en el controlador mig. Debido a un manejo incorrecto de espacios de nombres del cluster, un atacante puede ser capaz de migrar una carga de trabajo maliciosa al cluster de destino, impactando la confidencialidad, integridad y disponibilidad de los servicios ubicados en ese cluster\"}]",
"id": "CVE-2021-3948",
"lastModified": "2024-11-21T06:23:13.213",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-02-18T18:15:09.833",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2022017\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2022017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3948\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-02-18T18:15:09.833\",\"lastModified\":\"2024-11-21T06:23:13.213\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad de permisos por defecto incorrectos en el controlador mig. Debido a un manejo incorrecto de espacios de nombres del cluster, un atacante puede ser capaz de migrar una carga de trabajo maliciosa al cluster de destino, impactando la confidencialidad, integridad y disponibilidad de los servicios ubicados en ese cluster\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.5.2\",\"matchCriteriaId\":\"2BEBE197-19F0-4738-AE21-715296E05F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndExcluding\":\"1.6.3\",\"matchCriteriaId\":\"0AC4AD97-DD8E-4849-856D-B9264FC21F47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7064499F-9063-4181-A26F-A3476C46CFE9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit:1.5:*:*:*:*:containers:*:*\",\"matchCriteriaId\":\"9CF0EEAC-161B-474A-A3C9-81C1A06A2243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit:1.6:*:*:*:*:containers:*:*\",\"matchCriteriaId\":\"9D54CFEF-50FA-4696-B306-3FDC31280C61\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2022017\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2022017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2021-3948
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:23
Severity
Summary
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2022017 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2022017 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| konveyor | mig-controller | * | |
| konveyor | mig-controller | * | |
| redhat | migration_toolkit | 1.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | migration_toolkit | 1.5 | |
| redhat | migration_toolkit | 1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEBE197-19F0-4738-AE21-715296E05F63",
"versionEndExcluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC4AD97-DD8E-4849-856D-B9264FC21F47",
"versionEndExcluding": "1.6.3",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7064499F-9063-4181-A26F-A3476C46CFE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit:1.5:*:*:*:*:containers:*:*",
"matchCriteriaId": "9CF0EEAC-161B-474A-A3C9-81C1A06A2243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit:1.6:*:*:*:*:containers:*:*",
"matchCriteriaId": "9D54CFEF-50FA-4696-B306-3FDC31280C61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de permisos por defecto incorrectos en el controlador mig. Debido a un manejo incorrecto de espacios de nombres del cluster, un atacante puede ser capaz de migrar una carga de trabajo maliciosa al cluster de destino, impactando la confidencialidad, integridad y disponibilidad de los servicios ubicados en ese cluster"
}
],
"id": "CVE-2021-3948",
"lastModified": "2024-11-21T06:23:13.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:09.833",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6G8X-W285-C7M5
Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2022-10-07 18:15
VLAI
Details
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
Severity
6.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-3948"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"id": "GHSA-6g8x-w285-c7m5",
"modified": "2022-10-07T18:15:55Z",
"published": "2022-02-19T00:01:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2021-3948
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3948",
"description": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"id": "GSD-2021-3948",
"references": [
"https://access.redhat.com/errata/RHSA-2022:0202",
"https://access.redhat.com/errata/RHSA-2021:4848"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3948"
],
"details": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"id": "GSD-2021-3948",
"modified": "2023-12-13T01:23:34.260980Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mig-controller",
"version": {
"version_data": [
{
"version_value": "konveyor/mig-controller release-1.5.2, konveyor/mig-controller release-1.6.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.6.3",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:konveyor:mig-controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.5.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit:1.6:*:*:*:*:containers:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit:1.5:*:*:*:*:containers:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3948"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
},
"lastModifiedDate": "2022-12-03T01:52Z",
"publishedDate": "2022-02-18T18:15Z"
}
}
}
RHSA-2021:4848
Vulnerability from csaf_redhat - Published: 2021-11-29 14:32 - Updated: 2026-05-12 20:32Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Severity
Moderate
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in immer when manipulates object attributes such as _proto_, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 | — |
Vendor Fix
fix
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 | — |
Threats
Impact
Low
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 | — |
Vendor Fix
fix
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 | — |
Threats
Impact
Moderate
References
17 references
Acknowledgments
Red Hat
Andrew Collins
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4848",
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "2005438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438"
},
{
"category": "external",
"summary": "2006842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842"
},
{
"category": "external",
"summary": "2007429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429"
},
{
"category": "external",
"summary": "2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory",
"tracking": {
"current_release_date": "2026-05-12T20:32:13+00:00",
"generator": {
"date": "2026-05-12T20:32:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2021:4848",
"initial_release_date": "2021-11-29T14:32:07+00:00",
"revision_history": [
{
"date": "2021-11-29T14:32:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T14:32:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-12T20:32:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.5",
"product": {
"name": "8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.5",
"product": {
"name": "7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3757",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2021-09-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in immer when manipulates object attributes such as _proto_, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3757"
},
{
"category": "external",
"summary": "RHBZ#2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"release_date": "2021-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution"
},
{
"acknowledgments": [
{
"names": [
"Andrew Collins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3948",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2022017"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3948"
},
{
"category": "external",
"summary": "RHBZ#2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
}
],
"release_date": "2021-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
}
]
}
RHSA-2021_4848
Vulnerability from csaf_redhat - Published: 2021-11-29 14:32 - Updated: 2024-11-22 17:29Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Severity
Moderate
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in immer when manipulates object attributes such as _proto_, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 | — |
Vendor Fix
fix
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 | — |
Threats
Impact
Low
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 | — |
Vendor Fix
fix
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 | — |
Threats
Impact
Moderate
References
17 references
Acknowledgments
Red Hat
Andrew Collins
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4848",
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "2005438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438"
},
{
"category": "external",
"summary": "2006842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842"
},
{
"category": "external",
"summary": "2007429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429"
},
{
"category": "external",
"summary": "2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory",
"tracking": {
"current_release_date": "2024-11-22T17:29:39+00:00",
"generator": {
"date": "2024-11-22T17:29:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4848",
"initial_release_date": "2021-11-29T14:32:07+00:00",
"revision_history": [
{
"date": "2021-11-29T14:32:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T14:32:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T17:29:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.5",
"product": {
"name": "8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.5",
"product": {
"name": "7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3757",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2021-09-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in immer when manipulates object attributes such as _proto_, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3757"
},
{
"category": "external",
"summary": "RHBZ#2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"release_date": "2021-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution"
},
{
"acknowledgments": [
{
"names": [
"Andrew Collins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3948",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2022017"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3948"
},
{
"category": "external",
"summary": "RHBZ#2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
}
],
"release_date": "2021-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
}
]
}
RHSA-2022:0202
Vulnerability from csaf_redhat - Published: 2022-01-20 06:31 - Updated: 2025-11-21 18:27Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
Severity
Moderate
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.6.3 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64 | — |
Vendor Fix
fix
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64 | — |
Threats
Impact
Moderate
References
17 references
Acknowledgments
Red Hat
Andrew Collins
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.6.3 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0202",
"url": "https://access.redhat.com/errata/RHSA-2022:0202"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2019088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019088"
},
{
"category": "external",
"summary": "2021666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021666"
},
{
"category": "external",
"summary": "2021668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021668"
},
{
"category": "external",
"summary": "2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "2024966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024966"
},
{
"category": "external",
"summary": "2027196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027196"
},
{
"category": "external",
"summary": "2027382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027382"
},
{
"category": "external",
"summary": "2028841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028841"
},
{
"category": "external",
"summary": "2031793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031793"
},
{
"category": "external",
"summary": "2039852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039852"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0202.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:27:59+00:00",
"generator": {
"date": "2025-11-21T18:27:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:0202",
"initial_release_date": "2022-01-20T06:31:23+00:00",
"revision_history": [
{
"date": "2022-01-20T06:31:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-20T06:31:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:27:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.6",
"product": {
"name": "8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.6.3-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.6.3-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.6.3-13"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.6.3-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.6.3-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.6.3-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Andrew Collins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3948",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2022017"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3948"
},
{
"category": "external",
"summary": "RHBZ#2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
}
],
"release_date": "2021-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-20T06:31:23+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0202"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
}
]
}
RHSA-2022_0202
Vulnerability from csaf_redhat - Published: 2022-01-20 06:31 - Updated: 2024-11-22 17:29Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
Severity
Moderate
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.6.3 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64 | — |
Vendor Fix
fix
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64 | — |
Threats
Impact
Moderate
References
17 references
Acknowledgments
Red Hat
Andrew Collins
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.6.3 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0202",
"url": "https://access.redhat.com/errata/RHSA-2022:0202"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2019088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019088"
},
{
"category": "external",
"summary": "2021666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021666"
},
{
"category": "external",
"summary": "2021668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021668"
},
{
"category": "external",
"summary": "2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "2024966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024966"
},
{
"category": "external",
"summary": "2027196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027196"
},
{
"category": "external",
"summary": "2027382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027382"
},
{
"category": "external",
"summary": "2028841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028841"
},
{
"category": "external",
"summary": "2031793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031793"
},
{
"category": "external",
"summary": "2039852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039852"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0202.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T17:29:44+00:00",
"generator": {
"date": "2024-11-22T17:29:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0202",
"initial_release_date": "2022-01-20T06:31:23+00:00",
"revision_history": [
{
"date": "2022-01-20T06:31:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-20T06:31:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T17:29:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.6",
"product": {
"name": "8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.6.3-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.6.3-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.6.3-13"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.6.3-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.6.3-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.6.3-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.6.3-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64 as a component of 8Base-RHMTC-1.6",
"product_id": "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Andrew Collins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3948",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2022017"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
"8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3948"
},
{
"category": "external",
"summary": "RHBZ#2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
}
],
"release_date": "2021-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-20T06:31:23+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0202"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…