CVE-2020-10752

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-10752

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10752.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-10752

Published

2020-06-12T23:15:10.367Z

Modified

2026-02-24T11:33:27.018169Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.

References

Affected packages

Git / github.com/containers/image

Affected ranges

Type: GIT
Repo: https://github.com/containers/image
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b49a0b7eac5a602f669dd0f4243985ef7e48033c

Affected versions

Other

v1,1

v1.*

v1.1

v1.2

v1.3

v1.4

v1.5

v1.5.1

v2.*

v2.0.0

v2.0.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v4.*

v4.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10752.json"