CVE-2021-3948

Summary

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

Affected Software

VendorProductVersion RangeStatus
n/amig-controllerkonveyor/mig-controller release-1.5.2, konveyor/mig-controller release-1.6.3affected

Weaknesses

  • CWE-276: CWE-276

ADP Enrichment

CVE Program Container

Additional References

References