CVE-2020-35514

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.

Published: Jun 2, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-35514
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-266

Affected Software
References

Software	From	Fixed in
redhat / openshift	4.7.0	4.7.0.x
redhat / openshift	-	4.7.0

https://bugzilla.redhat.com/show_bug.cgi?id=1914714

Vulnerability Database

289,599

CVE-2020-35514