CVE-2020-27836
First published: Thu Dec 10 2020(Updated: )
A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Openshift Container Platform | =4.6 | |
| Redhat Enterprise Linux | =8.0 | |
| redhat/ose-cluster-ingress-operator-container-v4.6.0 | <202012161211. | 202012161211. |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2020-27836
- https://bugzilla.redhat.com/show_bug.cgi?id=1905490
- https://bugzilla.redhat.com/show_bug.cgi?id=1906267
- https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729
- https://access.redhat.com/solutions/5158751
- https://github.com/openshift/cluster-ingress-operator/pull/507
- https://access.redhat.com/errata/RHSA-2020:5614
- https://access.redhat.com/security/cve/cve-2020-27836
- collector/nvd-index
- agent/references
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-27836
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.6
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- package-manager/redhat