CVE-2020-27836

CVSS V2 None CVSS V3 Critical 9.8
Description
A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..
Overview
  • CVE ID
  • CVE-2020-27836
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-08-22T15:15:12
  • Last Modified Date
  • 2022-08-24T19:27:41
Weakness Enumerations
CWE URL
CWE-732 http://cwe.mitre.org/data/definitions/732.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* 0 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729
https://bugzilla.redhat.com/show_bug.cgi?id=1906267
https://access.redhat.com/security/cve/CVE-2020-27836
https://bugzilla.redhat.com/show_bug.cgi?id=1905490
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-27836
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27836
History
Created Old Value New Value Data Type Notes
2022-08-22 16:00:12 Added to TrackCVE