{"containers": {"cna": {"affected": [{"product": "openshift/machine-config-operator", "vendor": "n/a", "versions": [{"status": "affected", "version": "Unspecified"}]}], "descriptions": [{"lang": "en", "value": "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-02T13:22:12.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:02:08.247Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35514", "datePublished": "2021-06-02T13:22:12.000Z", "dateReserved": "2020-12-17T00:00:00.000Z", "dateUpdated": "2024-08-04T17:02:08.247Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC917AC2-DD18-4DD6-80B4-4A1BE1A62D10", "versionEndExcluding": "4.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:4.7.0:-:*:*:*:*:*:*", "matchCriteriaId": "5D5A79FB-491F-4030-8F6F-C3691F9D7D58", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0."}, {"lang": "es", "value": "Se ha detectado un fallo de modificaci\u00f3n no segura en el archivo /etc/kubernetes/kubeconfig en OpenShift. Este fallo permite a un atacante con acceso a un contenedor en ejecuci\u00f3n que monta el archivo /etc/kubernetes o que tiene acceso local al nodo, copiar este archivo kubeconfig e intentar a\u00f1adir su propio nodo al cl\u00faster de OpenShift. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad, as\u00ed como la disponibilidad del sistema. Este fallo afecta a versiones anteriores a openshift4/ose-machine-config-operator v4.7.0-202105111858.p0"}], "id": "CVE-2020-35514", "lastModified": "2024-11-21T05:27:28.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-02T14:15:09.577", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Juan Osorio Robles (Red Hat).", "bugzilla": {"description": "openshift/machine-config-operator: /etc/kubernetes/kubeconfig is given incorrect privileges", "id": "1914714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-266", "details": ["An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.", "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "name": "CVE-2020-35514", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-machine-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2020-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-35514\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35514"], "statement": "The kubeconfig file on the node is that of the bootstrap certificate. This means that to successfully exploit this vulnerability, the kubeconfig file must be taken and used within the first 24 hours of creation as it is created with a short expiration time. Otherwise, attempting to use the credentials after this time will result in the following:\n`Failed while requesting a signed certificate from the master: cannot create certificate signing request: Unauthorized`\nFurther, if taken, the certificate signing request (CSR) of the joining rogue OpenShift node is not automatically approved by default. The node still needs to be approved through the use of the commands `oc get csr` and `oc adm certificate approve`.", "threat_severity": "Moderate"}

{}