CVE-2020-10712 HIGH

CVE-2020-10712

Vendor Red Hat
Product openshift/cluster-image-registry-operator
Weakness CWE-532 · Sensitive info in logs
Published April 22, 2020
Last update August 4, 2024

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.

Key dates

02Disclosure timeline

April 22, 2020 CVE published
August 4, 2024 Record updated