Incorrect Default Permissions
CVE-2021-3948
Summary
An incorrect default permissions vulnerability was found in mig-controller versions prior to 1.5.2 and 1.6.x prior to 1.6.3. Due to an incorrect cluster namespace handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- LOW
- LOW
- LOW
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References
Advisory Timeline
- Published