Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-0759

Опубликовано: 25 мар. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.1

Описание

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

focal

ignored

end of standard support, was needs-triage
impish

ignored

end of life
jammy

needs-triage

kinetic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 34%
0.00137
Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-0759

CVSS3: 8.3
redhat
почти 4 года назад

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).

nvd логотип

CVE-2022-0759

CVSS3: 8.1
nvd
почти 4 года назад

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).

debian логотип

CVE-2022-0759

CVSS3: 8.1
debian
почти 4 года назад

A flaw was found in all versions of kubeclient up to (but not includin ...

github логотип

GHSA-69p3-xp37-f692

CVSS3: 8.1
github
почти 4 года назад

Improper Certificate Validation in kubeclient

fstec логотип

BDU:2022-01721

CVSS3: 8.3
fstec
почти 4 года назад

Уязвимость реализации класса Kubeclient::Configе клиента REST API Kubernetes kubeclient, позволяющая нарушителю выполнить атаку типа «человек посередине»

EPSS

Процентиль: 34%
0.00137
Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3