CVE-2020-27836 — Incorrect Permission Assignment in Redhat Openshift Container Platform

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 27.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Container Platform

Timeline

PublishedAug 22

Description

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages0 packages

Also affects: Openshift Container Platform 4.6

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

CVEList

CVE-2020-27836: A flaw was found in cluster-ingress-operator↗2022-08-22

▶

📋Vendor Advisories

Red Hat

cluster-ingress-operator: changes to loadBalancerSourceRanges overwritten by operator↗2020-12-10

▶