VDB

RHSA-2020%3A2449

RHSA-2020%3A2449 PUBLISHED CVSS 6.300000190734863 MEDIUM

A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the kube-apiserver through the unauthenticated localhost port (if enabled).

Risk Scores

CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-hyperkube@sha256:200044e6cdf56f067c1aaace4fde3215593e3e3152ff8600527077d35adc8d4e_ppc64le as a component of Red Hat OpenShift Container Platform 4.4openshift4/ose-hyperkube@sha256:200044e6cdf56f067c1aaace4fde3215593e3e3152ff8600527077d35adc8d4e_ppc64le
Red Hatopenshift4/ose-hyperkube@sha256:ec018bd232f6555bd7ce9e1c63cf4b19c95576c40e9868f2b9eb3127d61180e1_amd64 as a component of Red Hat OpenShift Container Platform 4.4openshift4/ose-hyperkube@sha256:ec018bd232f6555bd7ce9e1c63cf4b19c95576c40e9868f2b9eb3127d61180e1_amd64
Red Hatopenshift4/ose-hyperkube@sha256:1654cacf069e4ce3ab874df3a90d6e93e6b8ead14e24924bf5115c143d566bcd_s390x as a component of Red Hat OpenShift Container Platform 4.4*

Timeline

  • Jun 17, 2020 CVE Published
  • Nov 21, 2025 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›