← Back

CVE-2020-27836

nvd nist
Published: Aug 22, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

Affected (1)

Redhat
1 product
Openshift Container Platform
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Openshift Container Platform
Version 4.6
Running on/withPlatform Versions
Redhat
Enterprise Linux
Version 8.0

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (8)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Issue TrackingPermissions RequiredVendor Advisory
Source: secalert@redhat.com
Issue TrackingPatchVendor Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPermissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.