CVE-2020-14306

CVE-2020-14306

Vendor N/A
Product openshift-service-mesh/istio-rhel8-operator
Weakness CWE-862 · Missing authorization
Published September 16, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Key dates

02Disclosure timeline

September 16, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE