CVE-2020-35514

EPSS 0.04%
Veröffentlicht 02.06.2021 14:15:09
Zuletzt bearbeitet 21.11.2024 05:27:28
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Openshift Version < 4.7.0

Redhat ≫ Openshift Version4.7.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.093

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://bugzilla.redhat.com/show_bug.cgi?id=1914714

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-35514

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-35514

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-35514

EUVD