CVE-2021-20198

CVE-2021-20198

Vendor N/A
Product openshift/installer
Weakness CWE-306 · Missing auth
Published February 23, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Key dates

02Disclosure timeline

February 23, 2021 CVE published
August 3, 2024 Record updated