rhsa-2022_0202
Vulnerability from csaf_redhat
Published: 2022-01-20 06:31
Modified: 2024-11-22 17:29
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update

Notes

Topic
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es):

* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.6.3 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0202",
        "url": "https://access.redhat.com/errata/RHSA-2022:0202"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2019088",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019088"
      },
      {
        "category": "external",
        "summary": "2021666",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021666"
      },
      {
        "category": "external",
        "summary": "2021668",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021668"
      },
      {
        "category": "external",
        "summary": "2022017",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
      },
      {
        "category": "external",
        "summary": "2024966",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024966"
      },
      {
        "category": "external",
        "summary": "2027196",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027196"
      },
      {
        "category": "external",
        "summary": "2027382",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027382"
      },
      {
        "category": "external",
        "summary": "2028841",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028841"
      },
      {
        "category": "external",
        "summary": "2031793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031793"
      },
      {
        "category": "external",
        "summary": "2039852",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039852"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0202.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T17:29:44+00:00",
      "generator": {
        "date": "2024-11-22T17:29:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:0202",
      "initial_release_date": "2022-01-20T06:31:23+00:00",
      "revision_history": [
        {
          "date": "2022-01-20T06:31:23+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-01-20T06:31:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T17:29:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.6",
                "product": {
                  "name": "8Base-RHMTC-1.6",
                  "product_id": "8Base-RHMTC-1.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.6.3-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
                  "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.6.3-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.6.3-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.6.3-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.6.3-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
                "product": {
                  "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
                  "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.6.3-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
        },
        "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Andrew Collins"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-3948",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "discovery_date": "2021-11-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2022017"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:5fe9ef99bfc10b6998488b830e9226222666a7481862c6bc126924ff0cf4a07d_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:1ced3e33a3b8644595502bcb141de52643e1321959fa6d2a7b50355146a7c63e_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:0cd2afa67ba591346be07d94b888e43241007b8c627eb268f2a42726f48dfe01_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:f5d0f384a19dcd66a9d209c195a5189f4c42aaea24aff1216d0b19b0a5042051_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:16e16659f18d1667739feaba263c5f72d6d2f69330aeae9f21f2f1d9bd7f0b7d_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2af554a778172618e94025ed3b1cf0b68669e9a6ffcc1306d25a6c9550711c9e_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:4627aa27c2dc815b43ba31876d182bd68722580a5579887c0465ec992884ad07_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:2ced8362cb3814099759b2167ac06e592b3ee6f55b14655776cd10734ee7cc04_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:14b37e4ecb1f2dd45dc6b1c3c34e6a06de69608de1bfbb1028eb6e1333ff2051_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:13a932c4f7b94f04a121e212e2a7df6be2fe968aab3015b04bd687147ba5435a_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:224ce9f8cc81e9fbe06cb21d49f629dc77b42c39126f0d32464fb73784575f93_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:bea0ea7d0296dd0a6977888ef92436b8e3e1f89aad1eb509243c047d776479c3_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:ad83f3ff0051133dd4f50d48cd22f488913db77c0e699abf6146af3a753ca3ea_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3948"
        },
        {
          "category": "external",
          "summary": "RHBZ#2022017",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
        }
      ],
      "release_date": "2021-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-20T06:31:23+00:00",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0202"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:112ecc3cc6075008cab440b8d70d8874049c660b79911cff4060e9c948c1d55e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
    }
  ]
}

