What is the severity of CVE-2020-27836?

The severity of CVE-2020-27836 is critical due to its potential impact on data confidentiality.

How do I fix CVE-2020-27836?

To fix CVE-2020-27836, upgrade the ose-cluster-ingress-operator-container to version 202012161211 or later.

Which software is affected by CVE-2020-27836?

CVE-2020-27836 affects ose-cluster-ingress-operator-container version v4.6.0 up to but not including 202012161211.

What types of attacks can CVE-2020-27836 facilitate?

CVE-2020-27836 can allow unauthorized access to resources by manipulating IP source ranges.

Is Red Hat OpenShift Container Platform vulnerable to CVE-2020-27836?

Yes, Red Hat OpenShift Container Platform version 4.6 is vulnerable to CVE-2020-27836.

Vulnerability/
CVE-2020-27836

critical

9.8

CWE

732

10/12/2020

22/8/2022

4/8/2024

CVE-2020-27836

First published: Thu Dec 10 2020(Updated: )

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/ose-cluster-ingress-operator-container-v4.6.0	<202012161211.	202012161211.
Red Hat OpenShift Container Platform	=4.6
Red Hat Enterprise Linux	=8.0

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1906267

Remedy

https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-27836?
The severity of CVE-2020-27836 is critical due to its potential impact on data confidentiality.
How do I fix CVE-2020-27836?
To fix CVE-2020-27836, upgrade the ose-cluster-ingress-operator-container to version 202012161211 or later.
Which software is affected by CVE-2020-27836?
CVE-2020-27836 affects ose-cluster-ingress-operator-container version v4.6.0 up to but not including 202012161211.
What types of attacks can CVE-2020-27836 facilitate?
CVE-2020-27836 can allow unauthorized access to resources by manipulating IP source ranges.
Is Red Hat OpenShift Container Platform vulnerable to CVE-2020-27836?
Yes, Red Hat OpenShift Container Platform version 4.6 is vulnerable to CVE-2020-27836.

agent/references
agent/type
agent/remedy
agent/first-publish-date
agent/severity
agent/weakness
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-27836
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/source
package-manager/redhat
vendor/redhat
canonical/red hat openshift container platform
version/red hat openshift container platform/4.6
canonical/red hat enterprise linux
version/red hat enterprise linux/8.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.