exploitDog

CVE-2026-1531

Published: 28 Jan 2026
Source: redhat
CVSS3: 8.1
EPSS: Low

Description

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.

Report

This is an IMPORTANT flaw in foreman_kubevirt where the default configuration for connecting to OpenShift disables SSL verification if a CA certificate is not explicitly provided. This insecure default allows a remote attacker to perform a Man-in-the-Middle attack by intercepting network traffic between Satellite and OpenShift, potentially leading to information disclosure or alteration.

Mitigation

To mitigate this issue, ensure that a Certificate Authority (CA) certificate is explicitly configured when setting up the connection to OpenShift in foreman_kubevirt. This will enable SSL verification and prevent Man-in-the-Middle attacks. Refer to the foreman_kubevirt documentation for specific instructions on configuring CA certificates. A restart or service reload may be required for the changes to take effect.
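The CWE-295 pattern the advisory describes, as an added illustration that is not foreman_kubevirt's own code: a connection-options builder that silently drops to `VERIFY_NONE` when no CA file is supplied, beside a hardened builder that always verifies the peer. The function names and the `verify_ssl` / `ssl_ca_file` option keys are hypothetical stand-ins, not the plugin's real API.

```ruby
require 'openssl'

# Constructed example of the insecure default described in the advisory.
# Names and option keys are hypothetical; this is not foreman_kubevirt code.

# Insecure: a missing CA certificate turns peer verification off entirely,
# so any host that can intercept the Satellite -> OpenShift path is trusted.
def insecure_connection_options(api_url, token, ca_cert: nil)
  opts = { url: api_url, token: token }
  if ca_cert.nil? || ca_cert.empty?
    opts[:verify_ssl] = OpenSSL::SSL::VERIFY_NONE # accepts any certificate
  else
    opts[:verify_ssl] = OpenSSL::SSL::VERIFY_PEER
    opts[:ssl_ca_file] = ca_cert
  end
  opts
end

# Hardened: verification is always on. A custom CA file, when given, is the
# trust anchor; otherwise the system trust store is used. Verification is
# never tied to whether the operator remembered to set the CA.
def hardened_connection_options(api_url, token, ca_cert: nil)
  opts = { url: api_url, token: token, verify_ssl: OpenSSL::SSL::VERIFY_PEER }
  opts[:ssl_ca_file] = ca_cert if ca_cert && !ca_cert.empty?
  opts
end

# Audit helper: true when an option set would accept an unverified server.
def verification_disabled?(opts)
  opts[:verify_ssl] == OpenSSL::SSL::VERIFY_NONE
end

if __FILE__ == $PROGRAM_NAME
  url = 'https://api.openshift.example.test:6443' # constructed endpoint
  puts "insecure, no CA:  disabled=#{verification_disabled?(insecure_connection_options(url, 'tok'))}"
  puts "hardened, no CA:  disabled=#{verification_disabled?(hardened_connection_options(url, 'tok'))}"
end
```

Reviewing a deployment amounts to running the audit helper's check against the effective configuration: any path that yields `VERIFY_NONE` is the condition the mitigation above closes by setting the CA explicitly.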

Affected packages

Platform               Package                                   Status     Recommendation   Release
Red Hat Satellite 6    rubygem-foreman_kubevirt                  Affected
Red Hat Satellite 6    satellite:el8/rubygem-foreman_kubevirt    Affected

Additional information

Status:

Important
Weakness:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=2433786
foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

EPSS

Percentile: 1%
0.00011
Low

8.1 High

CVSS3

Related vulnerabilities

CVSS3: 8.1
nvd
about 2 months ago

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.

CVSS3: 8.1
github
about 2 months ago

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set