PT-2022-10475 · Unknown · Servicemesh-Operator

Anten Skrabec

Published

2022-08-22

Updated

2022-08-26

CVE-2021-3586

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions servicemesh-operator (affected versions not specified)

Description A flaw was found in the servicemesh-operator, where the NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed. This allows access to all ports on these resources from any pod, posing a threat to data confidentiality and integrity, as well as system availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188

Related Identifiers

CVE-2021-3586

RHSA-2021:2380

Affected Products

Servicemesh-Operator

PT-2022-10475 · Unknown · Servicemesh-Operator

CVE-2021-3586

Weakness Enumeration

Related Identifiers

Affected Products

References · 5