CVE-2020-25655
CVE-2020-25655 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue was discovered in the ManagedClusterView API that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
An issue was discovered in the ManagedClusterView API that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. During this short window, the user with view permission could read cluster secrets that should only be disclosed to admin users.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Advanced Cluster Management For Kubernetes | 2.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25655 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
