Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27836

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

Published

2022-08-22T15:15:12.800

Last Modified

2024-11-21T05:21:54.280

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-732
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift_container_platform	4.6	Yes
Operating System	redhat	enterprise_linux	8.0	No

References

https://access.redhat.com/security/cve/CVE-2020-27836 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1905490 Issue Tracking, Permissions Required, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1906267 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729 Patch, Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2020-27836 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1905490 Issue Tracking, Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1906267 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)