Security features bypass in OpenShift Service Mesh and servicemesh-operator (Red Hat package) - CVE-2021-3586
Published: June 10, 2021
Vulnerability identifier: #VU54032
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-3586
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
OpenShift Service Mesh
servicemesh-operator (Red Hat package)
Software vendor:
Red Hat Inc.
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in the servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, which allows access to all ports on these resources from any pod.
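One way to audit for the condition described above, as an added example that is not part of the original advisory or of Red Hat's code: it flags NetworkPolicy ingress rules that omit `ports`, which Kubernetes treats as matching every port. The policy names, namespace and labels are constructed sample data, and the input shape assumes the JSON produced by `kubectl get networkpolicy -o json`.

```python
import json

# Constructed sample manifests (NOT the actual Maistra policies), in the shape
# produced by `kubectl get networkpolicy -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-open", "namespace": "mesh-example"},
   "spec": {"podSelector": {}, "ingress": [{}]}},
  {"metadata": {"name": "example-no-ports", "namespace": "mesh-example"},
   "spec": {"podSelector": {"matchLabels": {"app": "demo"}},
            "ingress": [{"from": [{"podSelector": {}}]}]}},
  {"metadata": {"name": "example-scoped", "namespace": "mesh-example"},
   "spec": {"podSelector": {"matchLabels": {"app": "demo"}},
            "ingress": [{"from": [{"podSelector":
                                   {"matchLabels": {"role": "gateway"}}}],
                         "ports": [{"protocol": "TCP", "port": 8443}]}]}}
]}
""")


def audit_policy(policy):
    """Return (policy, rule_index, all_sources) for rules that allow all ports."""
    meta = policy.get("metadata", {})
    name = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
    findings = []
    for idx, rule in enumerate(policy.get("spec", {}).get("ingress") or []):
        # An absent or empty `ports` list means the rule matches every port.
        if rule.get("ports"):
            continue
        # An absent or empty `from` list means the rule matches every source.
        all_sources = not rule.get("from")
        findings.append((name, idx, all_sources))
    return findings


def audit(policy_list):
    """Audit every NetworkPolicy in a `kubectl ... -o json` style list."""
    results = []
    for policy in policy_list.get("items", []):
        results.extend(audit_policy(policy))
    return results


if __name__ == "__main__":
    for name, idx, all_sources in audit(SAMPLE):
        scope = "any source" if all_sources else "selected sources"
        print(f"{name}: ingress[{idx}] allows ALL ports from {scope}")
```

A policy with no findings can still be too permissive in its `from` selectors; this check covers only the missing-ports case the advisory describes.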
Remediation
Install updates from vendor's website.