CVE-2021-20198

HIGH

OpenShift Installer < 0.9.0 Unauthenticated RCE via Kubelet Port

Title source: llm
STIX 2.1

Description

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References (1)

Core 1
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1920764

Scores

CVSS v3 8.1
EPSS 0.0056
EPSS Percentile 68.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (1)
redhat/openshift_installer < 0.9.0-master.0.20210125200451-95101da940b0
Published Feb 23, 2021
Tracked Since Feb 18, 2026