CVE-2020-29652
Published at:
-
16-12-2020 01:00
Last modified:
-
16-12-2020 01:00
Total changes:
-
14
Description
Common Vulnerability Scoring System (CVSS)
LowAttack complexity
NetworkAttack vector
HighAvailability
NoneConfidentiality
NoneIntegrity
NonePrivileges required
Unchanged
Scope
NoneUser interaction
7.5
Base score
Exploitability score
Impact score
Verification logic
OR
AND
product=container-tools AND versionEndExcluding=rhel8-8040020210407081426.59631bd5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8
AND
product=openshift4/ose-aws-ebs-csi-driver-rhel8 AND versionEndExcluding=v4.7.0-202102130115.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-azure-machine-controllers AND versionEndExcluding=v4.7.0-202102130115.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-baremetal-installer-rhel8 AND versionEndExcluding=v4.7.0-202102130115.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-installer AND versionEndExcluding=v4.7.0-202102130115.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-installer-artifacts AND versionEndExcluding=v4.7.0-202102130115.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/kubernetes-nmstate-rhel8-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/network-tools-rhel8 AND versionEndExcluding=v4.7.0-202102120026.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-ansible-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-cluster-capacity AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-cluster-kube-descheduler-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-cluster-kube-descheduler-rhel8-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-cluster-nfd-operator AND versionEndExcluding=v4.7.0-202102111715.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-clusterresourceoverride-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-clusterresourceoverride-rhel8-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-descheduler AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-egress-dns-proxy AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-egress-http-proxy AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-egress-router AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-ghostunnel AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-helm-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-jenkins-agent-nodejs-10-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-kube-rbac-proxy AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-kubernetes-nmstate-handler-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-leader-elector-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-local-storage-diskmaker AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-local-storage-mustgather-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-local-storage-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-local-storage-static-provisioner AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-metering-ansible-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-metering-hadoop AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-metering-helm-container-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-metering-hive AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-metering-presto AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-metering-reporting-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-node-feature-discovery AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-node-problem-detector-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-oauth-proxy AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-operator-sdk-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-ptp AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-ptp-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-service-idler-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-cni AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-dp-admission-controller AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-infiniband-cni AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-network-config-daemon AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-network-device-plugin AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-network-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-network-webhook AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-sriov-operator-must-gather AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-vertical-pod-autoscaler-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ose-vertical-pod-autoscaler-rhel8-operator AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=openshift4/ptp-must-gather-rhel8 AND versionEndExcluding=v4.7.0-202102110027.p0
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.7
AND
product=kubevirt-cpu-model-nfd-plugin-container
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2.6
AND
product=kubevirt-cpu-node-labeller-container
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2.6
AND
product=kubevirt-kvm-info-nfd-plugin-container
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2.6
AND
product=vm-import-controller-container
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2.6
AND
product=container-native-virtualization/bridge-marker AND versionEndExcluding=v4.8.0-17
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/cluster-network-addons-operator AND versionEndExcluding=v4.8.0-28
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/cnv-containernetworking-plugins AND versionEndExcluding=v4.8.0-14
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/cnv-must-gather-rhel8 AND versionEndExcluding=v4.8.0-50
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/hco-bundle-registry AND versionEndExcluding=v4.8.0-451
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/hostpath-provisioner-rhel8 AND versionEndExcluding=v4.8.0-14
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/hostpath-provisioner-rhel8-operator AND versionEndExcluding=v4.8.0-17
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/hyperconverged-cluster-operator AND versionEndExcluding=v4.8.0-62
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/hyperconverged-cluster-webhook-rhel8 AND versionEndExcluding=v4.8.0-62
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/kubemacpool AND versionEndExcluding=v4.8.0-22
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/kubernetes-nmstate-handler-rhel8 AND versionEndExcluding=v4.8.0-21
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/kubevirt-ssp-operator AND versionEndExcluding=v4.8.0-41
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/kubevirt-template-validator AND versionEndExcluding=v4.8.0-9
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/kubevirt-v2v-conversion AND versionEndExcluding=v4.8.0-10
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/kubevirt-vmware AND versionEndExcluding=v4.8.0-11
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/node-maintenance-operator AND versionEndExcluding=v4.8.0-19
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/ovs-cni-marker AND versionEndExcluding=v4.8.0-17
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/ovs-cni-plugin AND versionEndExcluding=v4.8.0-17
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-api AND versionEndExcluding=v4.8.0-67
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-cdi-apiserver AND versionEndExcluding=v4.8.0-25
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-cdi-cloner AND versionEndExcluding=v4.8.0-25
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-cdi-controller AND versionEndExcluding=v4.8.0-25
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-cdi-importer AND versionEndExcluding=v4.8.0-25
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-cdi-operator AND versionEndExcluding=v4.8.0-25
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-cdi-uploadproxy AND versionEndExcluding=v4.8.0-25
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-cdi-uploadserver AND versionEndExcluding=v4.8.0-25
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-controller AND versionEndExcluding=v4.8.0-67
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-handler AND versionEndExcluding=v4.8.0-67
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virtio-win AND versionEndExcluding=v4.8.0-9
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-launcher AND versionEndExcluding=v4.8.0-67
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/virt-operator AND versionEndExcluding=v4.8.0-67
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/vm-import-controller AND versionEndExcluding=v4.8.0-18
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/vm-import-controller-rhel8 AND versionEndExcluding=v4.8.0-18
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/vm-import-operator-rhel8 AND versionEndExcluding=v4.8.0-18
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=container-native-virtualization/vm-import-virtv2v-rhel8 AND versionEndExcluding=v4.8.0-18
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=4.8
AND
product=3scale-istio-adapter-rhel8-container AND version=
vendor=Red Hat Enterprise Linux AND product=service_mesh AND version=2.0
AND
product=servicemesh AND version=
vendor=Red Hat Enterprise Linux AND product=service_mesh AND version=2.0
AND
product=servicemesh-cni AND version=
vendor=Red Hat Enterprise Linux AND product=service_mesh AND version=2.0
AND
product=rhacm2/multicluster-operators-subscription-release-rhel8 AND version=
vendor=Red Hat Enterprise Linux AND product=acm AND version=2
AND
product=rhacm2/multicluster-operators-subscription-rhel8 AND version=
vendor=Red Hat Enterprise Linux AND product=acm AND version=2
AND
product=gomtree AND version=
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7
AND
product=atomic-openshift AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=atomic-openshift-cluster-autoscaler AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=atomic-openshift-descheduler AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=atomic-openshift-dockerregistry AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=atomic-openshift-service-idler AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=atomic-openshift-web-console AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=csi-attacher AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=csi-driver-registrar AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=csi-provisioner AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=openshift-enterprise-cluster-capacity AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=openshift-enterprise-image-registry AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=openshift-eventrouter AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=openshift-external-storage AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=openvswitch-ovn-kubernetes AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11
AND
product=csi-driver-manilla-container AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=openshift AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=openshift4/ose-cluster-logging-operator AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=openshift4/ose-cluster-network-operator AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=openshift4/ose-csi-driver-nfs-rhel8 AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=openshift4/ose-hyperkube AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=openshift4/ose-tests AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=podman AND version=
vendor=Red Hat Enterprise Linux AND product=openshift AND version=4
AND
product=ocs4/cephcsi-rhel8 AND version=
vendor=Red Hat Enterprise Linux AND product=openshift_container_storage AND version=4
AND
product=cluster-network-addons-operator-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=hyperconverged-cluster-operator-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=kubernetes-nmstate-handler-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=virt-api-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=virt-controller-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=virt-handler-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=virt-launcher-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=virt-operator-container AND version=
vendor=Red Hat Enterprise Linux AND product=container_native_virtualization AND version=2
AND
product=heketi AND version=
vendor=Red Hat Enterprise Linux AND product=storage AND version=3
Reference
- https://bugzilla.redhat.com/show_bug.cgi?id=1908883
- https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
- https://access.redhat.com/errata/RHSA-2021:1796
- https://access.redhat.com/errata/RHSA-2020:5633
- https://access.redhat.com/errata/RHSA-2020:5635
- https://access.redhat.com/errata/RHSA-2021:0799
- https://access.redhat.com/errata/RHSA-2021:2920
Keywords