{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-14306","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2024-08-04T12:39:36.236Z","dateReserved":"2020-06-17T00:00:00.000Z","datePublished":"2020-09-16T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2022-10-07T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}],"affected":[{"vendor":"n/a","product":"openshift-service-mesh/istio-rhel8-operator","versions":[{"version":"all versions through 1.1.3","status":"affected"}]}],"references":[{"url":"https://github.com/maistra/istio-operator/pull/462"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850380"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-862","cweId":"CWE-862"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T12:39:36.236Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/maistra/istio-operator/pull/462","tags":["x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850380","tags":["x_transferred"]}]}]}}