ghsa-qr9q-882c-gv4j
Vulnerability from github
Published
2022-05-24 19:03
Modified
2023-02-02 21:33
Severity
6.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2020-14336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-02T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.",
  "id": "GHSA-qr9q-882c-gv4j",
  "modified": "2023-02-02T21:33:41Z",
  "published": "2022-05-24T19:03:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14336"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:4298"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:4320"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2020-14336"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.