CVE-2021-3495 | HIGH | CVSS 8.8 | CWE-281 | fixed in 1.24.7 · ≥ 1.30.0, < 1.33.0 | 2021-06-01
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens.
nvd