
CVE-2021-20198

Severity: HIGH
CVSS Severity Score: 8.1
EPSS Score: 0.0140%
EPSS Percentile: 44.74th
Published: Feb 23, 2021
Last Modified: Nov 21, 2024

Vulnerability Description

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected Platforms (CPE)

Vendor: Redhat
Product: Openshift Installer
Affected versions: < 0.9.0-master.0.20210125200451-95101da940b0
