CVE-2021-3495HIGHCVSS 8.8vkiali/kiali-operator 1.33.0, kiali/kiali-operator 1.24.72021-06-01
CVE-2021-3495 [HIGH] CWE-281 CVE-2021-3495: An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and befor
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens.
cvelistv5nvd