Lucene search

RedhatCVELIST:CVE-2020-25655

HistoryNov 09, 2020 - 2:38 p.m.

CVE-2020-25655

2020-11-0914:38:34

CWE-863

redhat

www.cve.org

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users.

CNA Affected

[
  {
    "product": "open-cluster-management",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.4"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      }
    ]
  }
]

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25655

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for CVELIST:CVE-2020-25655