Skip to main content

Incorrect Default Permissions


Severity Medium
Score 6.3/10


An incorrect default permissions vulnerability was found in mig-controller versions prior to 1.5.2 and 1.6.x prior to 1.6.3. Due to an incorrect cluster namespace handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

  • LOW
  • LOW
  • NONE
  • LOW
  • LOW
  • LOW

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Advisory Timeline

  • Published