rhsa-2021_4848
Vulnerability from csaf_redhat
Published
2021-11-29 14:32
Modified
2024-11-22 17:29
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory

Notes

Topic
The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es):

* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:4848",
        "url": "https://access.redhat.com/errata/RHSA-2021:4848"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2000734",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
      },
      {
        "category": "external",
        "summary": "2005438",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438"
      },
      {
        "category": "external",
        "summary": "2006842",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842"
      },
      {
        "category": "external",
        "summary": "2007429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429"
      },
      {
        "category": "external",
        "summary": "2022017",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory",
    "tracking": {
      "current_release_date": "2024-11-22T17:29:39+00:00",
      "generator": {
        "date": "2024-11-22T17:29:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:4848",
      "initial_release_date": "2021-11-29T14:32:07+00:00",
      "revision_history": [
        {
          "date": "2021-11-29T14:32:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-11-29T14:32:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T17:29:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.5",
                "product": {
                  "name": "8Base-RHMTC-1.5",
                  "product_id": "8Base-RHMTC-1.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.5::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "7Server-RHMTC-1.5",
                "product": {
                  "name": "7Server-RHMTC-1.5",
                  "product_id": "7Server-RHMTC-1.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.5::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
                  "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
                "product": {
                  "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
                  "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5",
          "product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
        "relates_to_product_reference": "7Server-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5",
          "product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
        },
        "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3757",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2021-09-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2000734"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in immer when it manipulates object attributes such as __proto__, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects, which could trigger exception handlers and lead to a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
        ],
        "known_not_affected": [
          "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3757"
        },
        {
          "category": "external",
          "summary": "RHBZ#2000734",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
          "url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
        }
      ],
      "release_date": "2021-08-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-29T14:32:07+00:00",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4848"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Andrew Collins"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-3948",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "discovery_date": "2021-11-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
            "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2022017"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to incorrect handling of cluster namespaces, an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
        ],
        "known_not_affected": [
          "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
          "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3948"
        },
        {
          "category": "external",
          "summary": "RHBZ#2022017",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
        }
      ],
      "release_date": "2021-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-29T14:32:07+00:00",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4848"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
    }
  ]
}

