// For flags

CVE-2020-35514

 

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.

Se ha detectado un fallo de modificación no segura en el archivo /etc/kubernetes/kubeconfig en OpenShift. Este fallo permite a un atacante con acceso a un contenedor en ejecución que monta el archivo /etc/kubernetes o que tiene acceso local al nodo, copiar este archivo kubeconfig e intentar añadir su propio nodo al clúster de OpenShift. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad, así como la disponibilidad del sistema. Este fallo afecta a versiones anteriores a openshift4/ose-machine-config-operator v4.7.0-202105111858.p0

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-17 CVE Reserved
  • 2021-06-02 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-266: Incorrect Privilege Assignment
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1914714 2021-06-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Openshift
Search vendor "Redhat" for product "Openshift"
 < 4.7.0
Search vendor "Redhat" for product "Openshift" and version " < 4.7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Openshift
Search vendor "Redhat" for product "Openshift"
 4.7.0
Search vendor "Redhat" for product "Openshift" and version "4.7.0"
-
Affected