What is the severity of RHSA-2020:5260?

The severity of RHSA-2020:5260 is considered moderate due to the potential for secret leaks in kube-controller-manager.

How do I fix RHSA-2020:5260?

To fix RHSA-2020:5260, update the affected packages to the specified versions listed in the advisory.

What packages are affected by RHSA-2020:5260?

The affected packages include cri-o, ironic-images, openshift, and openshift-clients among others.

What is the impact of RHSA-2020:5260?

The impact of RHSA-2020:5260 could allow unauthorized users to access sensitive secrets managed by Kubernetes.

Is there a workaround for RHSA-2020:5260?

No specific workaround is provided for RHSA-2020:5260; updating to the fixed versions is recommended.

Vulnerability/
RHSA-2020:5260

14/12/2020

3/11/2024

RHSA-2020:5260: Moderate: OpenShift Container Platform 4.6.8 security and packages update

First published: Mon Dec 14 2020(Updated: )

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): <li> kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.8. See the following advisory for the container images for this release: <a href="https://access.redhat.com/errata/RHSA-2020:5259" target="_blank">https://access.redhat.com/errata/RHSA-2020:5259</a> All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at <a href="https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor." target="_blank">https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.</a>

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2020:5260 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2020:5260?
The severity of RHSA-2020:5260 is considered moderate due to the potential for secret leaks in kube-controller-manager.
How do I fix RHSA-2020:5260?
To fix RHSA-2020:5260, update the affected packages to the specified versions listed in the advisory.
What packages are affected by RHSA-2020:5260?
The affected packages include cri-o, ironic-images, openshift, and openshift-clients among others.
What is the impact of RHSA-2020:5260?
The impact of RHSA-2020:5260 could allow unauthorized users to access sensitive secrets managed by Kubernetes.
Is there a workaround for RHSA-2020:5260?
No specific workaround is provided for RHSA-2020:5260; updating to the fixed versions is recommended.

agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:5260
agent/software-canonical-lookup
agent/references
agent/tags
agent/event
agent/source
package-manager/redhat