Описание
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
Ссылки
- Third Party Advisory
- Issue TrackingThird Party Advisory
- ExploitPatchThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
It was found that Kubernetes as used by Openshift Enterprise 3 did not ...
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
EPSS
7.5 High
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2