CVE-2020-27836

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

Published: Aug 22, 2022
Updated: Apr 14, 2023
CVE: CVE-2020-27836
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	4.6	4.6.x

https://access.redhat.com/security/cve/CVE-2020-27836
https://bugzilla.redhat.com/show_bug.cgi?id=1905490
https://bugzilla.redhat.com/show_bug.cgi?id=1906267
https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729

Vulnerability Database

289,599

CVE-2020-27836