Improper Access Control Affecting github.com/openshift/cluster-ingress-operator/pkg/operator/controller/ingress package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
10 Dec 2020
10 Dec 2020
How to fix?
github.com/openshift/cluster-ingress-operator/pkg/operator/controller/ingress to version or higher.
github.com/openshift/cluster-ingress-operator/pkg/operator/controller/ingress is an OpenShift component which enables external access to cluster services by configuring Ingress Controllers, which route traffic as specified by OpenShift Route and Kubernetes Ingress resources.
Affected versions of this package are vulnerable to Improper Access Control. Until the 4.6.6 version of
OpenShift Container Platform changes to the router-default service to allow only certain IP source ranges was possible by directly editing the service object. Since 4.6.6 changes to the
loadBalancerSourceRanges field are overwritten to the default of all IP ranges. If a cluster is affected by this issue an attacker can use the flaw to access resources which should be restricted to the specified IP ranges.