Vulnerabilities > CVE-2020-25655 - Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

CWE-863

NVD

Published: 2020-11-09

Updated: 2023-11-07

Summary

An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Advanced Cluster Management FOR Kubernetes 2.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25655