Improper Access Control Affecting github.com/openshift/cluster-ingress-operator/pkg/operator/controller/ingress package, versions *


0.0
high
  • Attack Complexity

    High

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-GOLANG-GITHUBCOMOPENSHIFTCLUSTERINGRESSOPERATORPKGOPERATORCONTROLLERINGRESS-1050164

  • published

    10 Dec 2020

  • disclosed

    10 Dec 2020

  • credit

    Unknown

How to fix?

Upgrade github.com/openshift/cluster-ingress-operator/pkg/operator/controller/ingress to version or higher.

Overview

github.com/openshift/cluster-ingress-operator/pkg/operator/controller/ingress is an OpenShift component which enables external access to cluster services by configuring Ingress Controllers, which route traffic as specified by OpenShift Route and Kubernetes Ingress resources.

Affected versions of this package are vulnerable to Improper Access Control. Until the 4.6.6 version of OpenShift Container Platform changes to the router-default service to allow only certain IP source ranges was possible by directly editing the service object. Since 4.6.6 changes to the loadBalancerSourceRanges field are overwritten to the default of all IP ranges. If a cluster is affected by this issue an attacker can use the flaw to access resources which should be restricted to the specified IP ranges.