Homepage
About Snyk

Insecure Permissions Affecting github.com/openshift/machine-config-operator/pkg/server package, versions *

0.0
medium

Snyk CVSS

    Attack Complexity High
    Confidentiality High
    Integrity High

    Threat Intelligence

    EPSS 0.04% (12th percentile)
Expand this section
NVD
7 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMOPENSHIFTMACHINECONFIGOPERATORPKGSERVER-1059094
  • published 12 Jan 2021
  • disclosed 5 Nov 2020
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 5 Nov 2020

CVE-2020-35514 Open this link in a new tab
CWE-275 Open this link in a new tab

How to fix?

There is no fixed version for github.com/openshift/machine-config-operator/pkg/server.

Overview

github.com/openshift/machine-config-operator/pkg/server is an OpenShift 4 is an operator-focused platform, and the Machine Config operator extends that to the operating system itself, managing updates and configuration changes to essentially everything between the kernel and kubelet.

Affected versions of this package are vulnerable to Insecure Permissions via the /etc/kubernetes/kubeconfig file. An attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, may copy this kubeconfig file and attempt to add their own node to the OpenShift cluster.