Redhat Migration Toolkit vulnerabilities

CVE-2021-3948 [MEDIUM] CWE-276 CVE-2021-3948: An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

CVE-2020-1712 [HIGH] CWE-416 CVE-2020-1712: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.