CVE-2021-3948

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
konveyormig-controller
𝑥
< 1.5.2
konveyormig-controller
1.6.0 ≤
𝑥
< 1.6.3
redhatmigration_toolkit
1.0
redhatmigration_toolkit
1.5
redhatmigration_toolkit
1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2022017
https://bugzilla.redhat.com/show_bug.cgi?id=2022017