CVE-2020-10712
First published: Wed Apr 22 2020(Updated: )
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat OpenShift Container Platform | <=4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10712?
CVE-2020-10712 is considered a high severity vulnerability due to the risk of unauthorized access to sensitive information.
How do I fix CVE-2020-10712?
To mitigate CVE-2020-10712, it's recommended to upgrade to a patched version of OpenShift Container Platform that addresses this logging issue.
What can attackers do with CVE-2020-10712?
Attackers who exploit CVE-2020-10712 can gain access to sensitive logs that may contain confidential information related to the image registry.
Which versions of OpenShift Container Platform are affected by CVE-2020-10712?
CVE-2020-10712 affects OpenShift Container Platform versions 4.1 and later.
Is there a workaround for CVE-2020-10712?
While upgrading is the recommended solution for CVE-2020-10712, review your log access controls as a temporary measure to reduce exposure.
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/description
- agent/type
- vendor/redhat
- canonical/red hat openshift container platform
- version/red hat openshift container platform/4.1