PT-2021-11782 · Red Hat · Openshift
Juan Osorio Robles · Published 2021-06-02 · Updated 2021-06-11 · CVE-2020-35514
CVSS v3.1: 7.0 (High)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
OpenShift versions prior to openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.
Description:
An insecure modification flaw was found in the /etc/kubernetes/kubeconfig file in OpenShift, allowing an attacker with access to a running container that mounts /etc/kubernetes or has local access to the node to copy the kubeconfig file. This could enable the attacker to attempt to add their own node to the OpenShift cluster, posing a threat to confidentiality, integrity, and system availability.
Recommendations:
For versions prior to openshift4/ose-machine-config-operator v4.7.0-202105111858.p0, update to version v4.7.0-202105111858.p0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /etc/kubernetes/kubeconfig file to minimize the risk of exploitation.
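To verify the workaround above on a node and to find workloads that fall under the exposure condition in the description, here is an added audit example (not part of this advisory or of OpenShift). It checks whether the kubeconfig mode or owner lets a non-root user read it, and scans a pod list (as returned by `kubectl get pods -A -o json`; the sample below is constructed) for hostPath volumes that mount /etc/kubernetes or one of its parents.

```python
import json
import os
import stat

KUBECONFIG = "/etc/kubernetes/kubeconfig"
KUBE_DIR = "/etc/kubernetes"


def kubeconfig_is_exposed(mode: int, uid: int) -> bool:
    """True when the owner is not root or group/other have any read/write bit."""
    if uid != 0:
        return True
    return bool(mode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH))


def audit_kubeconfig(path: str = KUBECONFIG):
    """Stat the real file on a node; returns None when it does not exist here."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return kubeconfig_is_exposed(stat.S_IMODE(st.st_mode), st.st_uid)


def path_covers(host_path: str, target: str) -> bool:
    """True when a hostPath mount of host_path exposes target (same dir or a parent)."""
    host_path = os.path.normpath(host_path)
    return os.path.commonpath([host_path, target]) == host_path


def pods_mounting_kube_dir(pod_list: dict) -> list:
    """Return (namespace, name, hostPath) for pods whose hostPath covers /etc/kubernetes."""
    hits = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        for vol in pod.get("spec", {}).get("volumes", []):
            hp = vol.get("hostPath", {}).get("path")
            if hp and path_covers(hp, KUBE_DIR):
                hits.append((meta.get("namespace"), meta.get("name"), hp))
    return hits


# Constructed sample pod list: a direct mount, a root mount, and a harmless configMap volume.
SAMPLE_PODS = json.loads("""
{"items": [
 {"metadata": {"namespace": "demo", "name": "node-debug"},
  "spec": {"volumes": [{"name": "k", "hostPath": {"path": "/etc/kubernetes"}}]}},
 {"metadata": {"namespace": "demo", "name": "root-mount"},
  "spec": {"volumes": [{"name": "h", "hostPath": {"path": "/"}}]}},
 {"metadata": {"namespace": "demo", "name": "web"},
  "spec": {"volumes": [{"name": "c", "configMap": {"name": "web-cfg"}}]}}
]}""")
```

Run `audit_kubeconfig()` directly on a node; a mode of 0600 owned by root is the state the workaround aims for.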
Fix
Weakness Enumeration: Incorrect Privilege Assignment
Related Identifiers: CVE-2020-35514
Affected Products: Openshift