CVE-2021-3586

2022-08-2215:15:13

CWE-1188

[email protected]

web.nvd.nist.gov

servicemesh-operator

networkpolicy

maistra

vulnerability

data confidentiality

system availability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.0%

JSON

A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

Vulners

NVD

Node

redhatservicemesh-operatorRange≤2.0.5.1

redhatservicemesh-operatorRange≤2.0.5.2

VendorProductVersionCPE
redhatservicemesh\-operator*cpe:2.3:a:redhat:servicemesh\-operator:*:*:*:*:*:*:*:*
redhatservicemesh\-operator*cpe:2.3:a:redhat:servicemesh\-operator:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	servicemesh\-operator	*	cpe:2.3:a:redhat:servicemesh\-operator::::::::
redhat	servicemesh\-operator	*	cpe:2.3:a:redhat:servicemesh\-operator::::::::

CNA Affected

[
  {
    "product": "servicemesh-operator",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Affects v2.0.5.1, Fixed in v2.0.5.2."
      }
    ]
  }
]