CVE-2020-10706
First published: Tue May 12 2020(Updated: )
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat OpenShift Container Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10706?
CVE-2020-10706 has been classified with a high severity rating due to the potential exposure of sensitive OAuth tokens.
How do I fix CVE-2020-10706?
To mitigate CVE-2020-10706, ensure that OAuth tokens are encrypted by configuring the encryption settings for data at rest in OpenShift Container Platform.
Who is affected by CVE-2020-10706?
Organizations using OpenShift Container Platform versions that have data at rest encryption enabled without proper token encryption are affected by CVE-2020-10706.
What are the potential impacts of CVE-2020-10706?
An attacker with access to unencrypted OAuth tokens can gain unauthorized access to the OpenShift cluster, impersonating legitimate users.
When was CVE-2020-10706 discovered?
CVE-2020-10706 was discovered and publicly disclosed in 2020.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/redhat
- canonical/red hat openshift container platform