CVE-2021-3586

CWE-1188 CWE-3054 documents4 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 36.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Service Mesh Redhat Servicemesh-operator

Timeline

PublishedAug 22

Latest updateAug 23

Description

A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5servicemesh-operatorAffects v2.0.5.1, Fixed in v2.0.5.2.

▶NVDredhat/servicemesh-operator2.0.5.1

▶NVDredhat/openshift_service_mesh2.0

🔴Vulnerability Details

GHSA

GHSA-hq9j-p426-983m: A flaw was found in servicemesh-operator↗2022-08-23

▶

CVEList

CVE-2021-3586: A flaw was found in servicemesh-operator↗2022-08-22

▶

📋Vendor Advisories

Red Hat

servicemesh-operator: NetworkPolicy resources incorrectly specify ports for ingress resources↗2021-06-10

▶