CVE-2021-3948

Published: Feb 18, 2022Modified: Nov 21, 2024

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: NVD

Description

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

Affected (5)

Products: Konveyor: Mig Controller · Redhat: Migration Toolkit

1 product

1 product

Migration Toolkit

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Konveyor Mig Controller	Before 1.5.2
Konveyor Mig Controller	From 1.6.0 to 1.6.3

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Migration Toolkit	Version 1.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Migration Toolkit	Version 1.5
Redhat Migration Toolkit	Version 1.6

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=2022017

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2022017

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.