Home > Vulnerability Database > CVE-2020-27836

Mend.io Vulnerability Database

CVE-2020-27836

Date: August 22, 2022

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

Language: Go

Severity Score

9.8

Related Resources (7)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1906267

Url: https://access.redhat.com/security/cve/CVE-2020-27836

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-27836

Url: https://github.com/openshift/cluster-ingress-operator/commit/3276bbc811dcd771291cc2de8107ebd89fa5b66d

Url: https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1905490

Url: https://www.mend.io/vulnerability-database/CVE-2020-27836

Severity Score

9.8

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2020-27836

Date: August 22, 2022

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?