Back to bug 1888475
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Doran Moppert | 2020-10-14 23:57:46 UTC | CC | security-response-team | |
| Doran Moppert | 2020-10-15 00:00:36 UTC | Depends On | 1888476 | |
| Dhananjay Arunesh | 2020-10-15 06:27:35 UTC | Summary | EMBARGOED open-cluster-management: RBAC bypass may disclose cluster secrets to other users | EMBARGOED CVE-2020-25655 open-cluster-management: RBAC bypass may disclose cluster secrets to other users |
| | | Alias | CVE-2020-25655 | |
| Doran Moppert | 2020-10-21 07:51:42 UTC | Deadline | 2020-10-22 | |
| Doran Moppert | 2020-10-22 00:00:55 UTC | Group | security, qe_staff | |
| | | Deadline | 2020-10-22 | |
| | | Summary | EMBARGOED CVE-2020-25655 open-cluster-management: RBAC bypass may disclose cluster secrets to other users | CVE-2020-25655 open-cluster-management: RBAC bypass may disclose cluster secrets to other users |
| errata-xmlrpc | 2020-10-22 11:23:45 UTC | Link ID | Red Hat Product Errata RHSA-2020:4304 | |
| Doran Moppert | 2020-10-23 01:07:25 UTC | Depends On | 1882496 | |
| Doran Moppert | 2020-11-06 00:14:17 UTC | Doc Text | An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users. | |
| RaTasha Tillery-Smith | 2020-12-07 18:23:53 UTC | Doc Text | An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users. | A flaw was found in the ManagedClusterView API, allowed secrets to be disclosed to users without the correct permissions. Views created for an admin user are made available for a short time to users with view-only permission. In this short time window, the user with view-only permission can read cluster secrets that should only be disclosed to admin users. The highest threat from this vulnerability is to confidentiality. |
| Red Hat Bugzilla | 2022-10-08 04:27:47 UTC | CC | gghezzo | |
| Red Hat Bugzilla | 2023-07-07 08:30:18 UTC | CC | security-response-team | |
| | | Assignee | security-response-team | nobody |