How severe is CVE-2020-35514?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2020-35514?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2020-35514

HIGH Year: 2020

CVSS v3 Score

7.0

High

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-266

View all →

Vulnerability Description

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.

CVE-2019-19346

HIGH

CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An atta...

CWE-2662019

CVE-2019-19348

HIGH

CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker...

CWE-2662019

CVE-2019-19351

HIGH

CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and esca...

CWE-2662019

CVE-2019-19352

HIGH

CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this fla...

CWE-2662019

CVE-2019-19353

HIGH

CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw ...

CWE-2662019

CVE-2019-19355

HIGH

CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd a...

CWE-2662019

CVE-2020-35514

Vulnerability Description

Related Vulnerabilities

CVE-2019-19346

CVE-2019-19348

CVE-2019-19351

CVE-2019-19352

CVE-2019-19353

CVE-2019-19355