Описание
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Affected | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Not affected | ||
| Compliance Operator | compliance/openshift-compliance-operator-bundle | Not affected | ||
| Confidential Compute Attestation | build-of-trustee/trustee-rhel9-operator | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Affected | ||
| Cryostat 4 | cryostat/cryostat-storage-rhel9 | Not affected | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9 | Not affected | ||
| Deployment Validation Operator | dvo/deployment-validation-rhel8-operator | Affected | ||
| ExternalDNS Operator | edo/external-dns-rhel8 | Affected | ||
| ExternalDNS Operator | edo/external-dns-rhel9 | Affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
When verifying a certificate chain which contains a certificate contai ...
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 High
CVSS3