An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-1363 An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Github GHSA Github GHSA GHSA-mv55-23xp-3wp8 Access control flaw in Kiali
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-03T16:53:17.829Z

Reserved: 2021-04-12T00:00:00

Link: CVE-2021-3495

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-01T14:15:10.303

Modified: 2024-11-21T06:21:40.747

Link: CVE-2021-3495

cve-icon Redhat

Severity : Important

Publid Date: 2021-05-11T19:00:00Z

Links: CVE-2021-3495 - Bugzilla

cve-icon OpenCVE Enrichment

No data.