Vulnerabilities > CVE-2021-3495

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

netlify

redhat

NVD

Published: 2021-06-01

Updated: 2024-11-21

Summary

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable Configurations

Part	Description	Count
Application	Netlify Netlify Kiali Operator *	1
Application	Redhat Redhat Openshift Service Mesh 1.0 Redhat Openshift Service Mesh 2.0	2

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947361
https://bugzilla.redhat.com/show_bug.cgi?id=1947361
https://kiali.io/news/security-bulletins/kiali-security-003/
https://kiali.io/news/security-bulletins/kiali-security-003/

Vulnerabilities > CVE-2021-3495 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-3495"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-3495