CVE-2020-35514

EPSS 0.04%
Published 02.06.2021 14:15:09
Last modified 21.11.2024 05:27:28
Source secalert@redhat.com
Teams watchlist Login
Open Login

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openshift Version < 4.7.0

Redhat ≫ Openshift Version4.7.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.093

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://bugzilla.redhat.com/show_bug.cgi?id=1914714

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-35514

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-35514

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-35514

EUVD