CVE-2020-10712 — Log File Information Exposure in Redhat Openshift Container Platform

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

8.2HIGHNVD

CNA7.0

EPSS

0.2%

top 59.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Container Platform RED HAT Openshift Cluster-image-registry-operator

Timeline

PublishedApr 22

Latest updateMay 25

Description

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶CVEListV5red_hat/openshift_cluster-image-registry-operatorall ose-cluster-image-registry-operator-container 4.1 versions and later

▶NVDredhat/openshift_container_platform4.1

🔴Vulnerability Details

GHSA

Information Disclosure in OpenShift Container Platform↗2021-05-25

▶

CVEList

CVE-2020-10712: A flaw was found in OpenShift Container Platform version 4↗2020-04-22

▶

📋Vendor Advisories

Red Hat

openshift/cluster-image-registry-operator: secrets disclosed in logs↗2020-04-21

▶

💬Community

Bugzilla

CVE-2020-10712 openshift/cluster-image-registry-operator: secrets disclosed in logs↗2020-04-17

▶