CVE-2021-20198

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS v3 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1920764	Issue Tracking Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1920764	Issue Tracking Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:openshift_installer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:46

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1920764 - Issue Tracking, Patch, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1920764 - Issue Tracking, Patch, Vendor Advisory

Information

Published : 2021-02-23 18:15

Updated : 2024-11-21 05:46

NVD link : CVE-2021-20198

Mitre link : CVE-2021-20198

CVE.ORG link : CVE-2021-20198

JSON object : View

Products Affected

redhat

openshift_installer

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2021-20198", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2021-02-23T18:15:13.287", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el instalador de OpenShift versiones anteriores a v0.9.0-master.0.20210125200451-95101da940b0. Durante la instalaci\u00f3n de los cl\u00fasteres de OpenShift Container Platform versi\u00f3n 4, los nodos de arranque se aprovisionan con autenticaci\u00f3n an\u00f3nima habilitada en el puerto 10250 de kubelet. Un atacante remoto capaz de llegar a este puerto durante la instalaci\u00f3n puede realizar peticiones \"/exec\" no autenticadas para ejecutar comandos arbitrarios dentro de contenedores en ejecuci\u00f3n. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"}], "lastModified": "2024-11-21T05:46:06.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_installer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD47923E-8DE5-46A2-875C-15F8EFE22004", "versionEndExcluding": "0.9.0-master.0.20210125200451-95101da940b0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}