CVE-2021-3948
MEDIUMmig-controller - Incorrect Default Permissions via Cluster Namespace Handling
Title source: llmDescription
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2022017
Scores
CVSS v3
6.3
EPSS
0.0019
EPSS Percentile
40.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-276
Status
published
Products (4)
konveyor/mig-controller
< 1.5.2
redhat/migration_toolkit
1.0
redhat/migration_toolkit
1.5
redhat/migration_toolkit
1.6
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026