Vulnerability Description
A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | 4.6 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2020-27836Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1905490Issue TrackingPermissions RequiredVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1906267Issue TrackingPatchVendor Advisory
- https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281PatchThird Party Advisory
- https://access.redhat.com/security/cve/CVE-2020-27836Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1905490Issue TrackingPermissions RequiredVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1906267Issue TrackingPatchVendor Advisory
- https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281PatchThird Party Advisory
FAQ
What is CVE-2020-27836?
CVE-2020-27836 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restri...
How severe is CVE-2020-27836?
CVE-2020-27836 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-27836?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform, Redhat Enterprise Linux.