Описание
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai-tech-preview/assisted-installer-agent-rhel8 | Fix deferred | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai-tech-preview/assisted-installer-rhel8 | Fix deferred | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-rhel9-operator | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Fix deferred | ||
| Cryostat 3 | cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8 | Fix deferred | ||
| Cryostat 3 | cryostat-tech-preview/cryostat-rhel8-operator | Fix deferred | ||
| Cryostat 3 | cryostat-tech-preview/cryostat-storage-rhel8 | Fix deferred | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Fix deferred | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.2 Medium
CVSS3
Связанные уязвимости
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
A certificate with a URI which has a IPv6 address with a zone ID may i ...
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
EPSS
4.2 Medium
CVSS3