Описание
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
It was found that the VDSM SSL certificate validation implementation did not check whether the server host name matched the domain name in a subject's Common Name (CN) field in a X.509 certificate. A man-in-the-middle attacker could use this flaw to spoof a VDSM server using a specially crafted X.509 certificate.
Отчет
This issue affects the versions of vdsm as shipped with Red Hat Enterprise Vitalization 3.x. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Virtualization 3 | vdsm | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
EPSS
4.3 Medium
CVSS2