CVE-2020-10752 — Insufficiently Protected Credentials in Openshift-apiserver

CWE-522 — Insufficiently Protected Credentials CWE-532 — Log File Information Exposure CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 46.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openshift Openshift-apiserver Redhat Openshift Container Platform

Timeline

PublishedJun 12

Latest updateMay 24

Description

A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5openshift/openshift_openshift-apiserverAll versions

Also affects: Openshift Container Platform 3.11, 4.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-3cmv-p7jw-h3fg: A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server pan↗2022-05-24

▶

CVEList

CVE-2020-10752: A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server pan↗2020-06-12

▶

📋Vendor Advisories

Red Hat

openshift/openshift-apiserver: oauthtokens leaked to logs on panic↗2020-06-10

▶

💬Community

Bugzilla

CVE-2020-10752 openshift/openshift-apiserver: oauthtokens leaked to logs on panic↗2020-05-26

▶