CVE Vulnerability

CVE-2020-27836

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729 Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1906267 Issue Tracking Patch
https://access.redhat.com/security/cve/CVE-2020-27836 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1905490 Issue Tracking Permissions Required
Configurations

Configuration 1
Information

Published : 2022-08-22 03:15

Updated : 2022-08-24 07:27

NVD link : CVE-2020-27836

Mitre link : CVE-2020-27836

Products Affected
No products.
CWE
CWE-732