A vulnerability exists in the Event Streams 10.0.0 schema registry that allows unauthorised access to create, edit and delete schemas
CVEID: CVE-2020-4662
**DESCRIPTION:** IBM Event Streams could allow an authenticated user to perform tasks to a schema due to improper authentication validation.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186233 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Event Streams | 10.0.0 |
To fix this issue, you will need access to the following image in the IBM Entitled Registry
If you have an air-gapped install, you will need to pull this image down into your private image repository and make a note of its location.
Run `oc get csv -n <NAMESPACE>`, substituting `<NAMESPACE>` with the namespace where you have deployed IBM Event Streams. You should get an entry named ibm-eventstreams.v2.0.0 or ibm-eventstreams.v2.0.1.