Описание
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2026-1530
- https://github.com/fog/fog-kubevirt/pull/168
- https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450
- https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753
- https://access.redhat.com/security/cve/CVE-2026-1530
- https://bugzilla.redhat.com/show_bug.cgi?id=2433784
- https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11
- https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml
Пакеты
fog-kubevirt
< 1.5.1
1.5.1
Связанные уязвимости
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.