← back
CVE-2020-14306

CVE-2020-14306

EPSS 1.3%CWE-862
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Sep 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected products
n/a · openshift-service-mesh/istio-rhel8-operator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=1850380https://github.com/maistra/istio-operator/pull/462