Описание
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Отчет
This is an IMPORTANT flaw in fog-kubevirt, a component used by Red Hat Satellite for managing OpenShift Virtualization/KubeVirt. The vulnerability allows a Man-in-the-Middle (MITM) attack due to disabled certificate validation. An attacker capable of intercepting traffic between Satellite and OpenShift could exploit this to compromise sensitive communications.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Satellite 6 | rubygem-fog-kubevirt | Affected | ||
| Red Hat Satellite 6 | satellite:el8/rubygem-fog-kubevirt | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
EPSS
8.1 High
CVSS3