CVE-2021-3495 in Netlify and Red Hat Products
Published on June 1, 2021

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. An attacker with a basic level of access to the cluster (enough to deploy a Kiali operand) can use this flaw to deploy a given image anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

NVD

Weakness Type

Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.


Products Associated with CVE-2021-3495

stack.watch emails you whenever new vulnerabilities are published in Netlify Kiali Operator or Red Hat Openshift Service Mesh. Just hit a watch button to start following.


Exploit Probability

EPSS: 0.34%
Percentile: 56.66%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.