OpenCVE

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift Openshift Container Platform

Configuration 1 [-]

cpe:2.3:a:redhat:openshift_container_platform:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.6
openshift4/ose-oauth-server-rhel8:v4.6.0-202010061132.p0	cpe:/a:redhat:openshift:4.6::el8	RHBA-2020:4196	2020-10-27T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706
https://nvd.nist.gov/vuln/detail/CVE-2020-10706
https://www.cve.org/CVERecord?id=CVE-2020-10706

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-05-12T13:48:36

Updated: 2024-08-04T11:06:11.155Z

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10706

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-12T14:15:12.297

Modified: 2024-11-21T04:55:53.780

Link: CVE-2020-10706

Redhat

Severity : Moderate

Publid Date: 2020-04-30T00:00:00Z

Links: CVE-2020-10706 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C3A7124-15D3-4ACD-AFE4-DC00F5E8909E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en OpenShift Container Platform donde los tokens OAuth no est\u00e1n encriptados cuando el cifrado de los datos en reposo est\u00e1 habilitado. Este fallo permite a un atacante con acceso a una copia de seguridad obtener tokens OAuth y luego usarlos para iniciar sesi\u00f3n en el cl\u00faster como cualquier usuario que haya iniciado sesi\u00f3n en el cl\u00faster por medio de la Interfaz de Usuario Web o por medio de la l\u00ednea de comandos en las \u00faltimas 24 horas. Una vez que la copia de seguridad es m\u00e1s antigua de 24 horas los tokens OAuth ya no son validos."}], "id": "CVE-2020-10706", "lastModified": "2024-11-21T04:55:53.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-12T14:15:12.297", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Stefan Schimanski (Red Hat).", "affected_release": [{"advisory": "RHBA-2020:4196", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-oauth-server-rhel8:v4.6.0-202010061132.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}], "bugzilla": {"description": "openshift/openshift-apiserver: oauth tokens not encrypted when enabling encryption of data at rest", "id": "1819011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819011"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-312", "details": ["A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.", "A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid."], "mitigation": {"lang": "en:us", "value": "If you have made a vulnerable backup public you can revoke leaked OAuth tokens by deleting them with the OpenShift API."}, "name": "CVE-2020-10706", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2020-04-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10706\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10706"], "statement": "This issue only affects OpenShift Container Platform when the 'encryption at rest' feature enabled, see https://access.redhat.com/documentation/en-us/openshift_container_platform/4.3/html/authentication/encrypting-etcd. When backing up the encrypted data the keys should be stored separately to the data, making backups the most likely target of this attack.", "threat_severity": "Moderate"}