CVE-2020-25655 Vulnerability Details

  /     /     /  

CVE-2020-25655 Metadata Quick Info

CVE Published: 09/11/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: redhat | Vendor: Red Hat | Product: open-cluster-management
Status : PUBLISHED

---

CVE-2020-25655 Description

An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users.

Metrics

CVSS Version: 3.1 | Base Score: 5.7 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-863
CWE Name: CWE-863
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).