{"containers": {"cna": {"affected": [{"product": "openshift/installer", "vendor": "n/a", "versions": [{"status": "affected", "version": "openshift/installer v0.9.0-master.0.20210125200451-95101da940b0"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-23T17:45:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20198", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openshift/installer", "version": {"version_data": [{"version_value": "openshift/installer v0.9.0-master.0.20210125200451-95101da940b0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.622Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20198", "datePublished": "2021-02-23T17:45:25", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_installer:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD47923E-8DE5-46A2-875C-15F8EFE22004", "versionEndExcluding": "0.9.0-master.0.20210125200451-95101da940b0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el instalador de OpenShift versiones anteriores a v0.9.0-master.0.20210125200451-95101da940b0. Durante la instalaci\u00f3n de los cl\u00fasteres de OpenShift Container Platform versi\u00f3n 4, los nodos de arranque se aprovisionan con autenticaci\u00f3n an\u00f3nima habilitada en el puerto 10250 de kubelet. Un atacante remoto capaz de llegar a este puerto durante la instalaci\u00f3n puede realizar peticiones \"/exec\" no autenticadas para ejecutar comandos arbitrarios dentro de contenedores en ejecuci\u00f3n. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"}], "id": "CVE-2021-20198", "lastModified": "2021-02-27T03:49:32.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-23T18:15:13.287", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:0313", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "package": "openshift4/ose-installer:v4.5.0-202101301520.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2021-02-09T00:00:00Z"}, {"advisory": "RHSA-2021:0308", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-installer:v4.6.0-202101300140.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2021-02-08T00:00:00Z"}], "bugzilla": {"description": "openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250", "id": "1920764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-306", "details": ["A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in the OpenShift Installer. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "This issue is mitigated by default on AWS, Azure, GCP and OpenStack as port 10250 is not remotely accessible on bootstrap nodes. For other IPI platforms, bootstrap nodes only exist during the installation window so the exposure is limited. For UPI installations, administrators should prevent remote access to this port on bootstrap nodes and/or remove the nodes once installation is complete"}, "name": "CVE-2021-20198", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2021-02-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20198\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20198"], "threat_severity": "Important", "upstream_fix": "github.com/openshift/installer v0.9.0-master.0.20210125200451-95101da940b0"}