CVE-2020-14306

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14306

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14306.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-14306

Related

RHSA-2020:2795

Published

2020-09-16T18:15:13Z

Modified

2024-05-14T07:37:55.703257Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Git / github.com/maistra/istio-operator

Affected ranges

Type: GIT
Repo: https://github.com/maistra/istio-operator
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

bf27bd25783eba2aa64593ff63e1031d4e179a4c

Affected versions

maistra-0.*

maistra-0.1.0

maistra-0.10.0

maistra-0.11.0

maistra-0.12.0

maistra-0.2.0

maistra-0.3.0

maistra-0.4.0

maistra-0.5.0

maistra-0.6.0

maistra-0.7.0

maistra-0.8.0

maistra-0.9.0

maistra-1.*

maistra-1.0.0

maistra-1.1.0

maistra-1.1.1

maistra-1.1.3