← Retour aux CVEs

CVE-2020-27836

CRITICAL

9.8

Description

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/22/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

redhat:enterprise_linuxredhat:openshift_container_platform

Faiblesses (CWE)

CWE-732CWE-732

References

https://access.redhat.com/security/cve/CVE-2020-27836(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=1905490(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=1906267(secalert@redhat.com)

https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729(secalert@redhat.com)

https://access.redhat.com/security/cve/CVE-2020-27836(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=1905490(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=1906267(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.