PT-2020-12313 · Red Hat · Openshift Api Server

Published 2020-06-12 · Updated 2021-07-21 · CVE-2020-10752

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenShift API Server (affected versions not specified)

Description: A flaw was found in the OpenShift API Server where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This allows an attacker with the ability to cause an API Server error to read the logs and use a leaked OAuthToken to log into the API Server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-10752

Affected Products

Openshift Api Server