David Hocky

**Name of the Vulnerable Software and Affected Versions** openshift-ansible versions prior to 3.9.23 openshift-ansible versions prior to 3.7.46 **Description** The issue is related to a misconfigured etcd file deployed by openshift-ansible, which causes SSL client certificate authentication to be disabled. This is due to quotations around the values of `ETCD CLIENT CERT AUTH` and `ETCD PEER CLIENT CERT AUTH` in etcd.conf, resulting in etcd being configured to allow remote users to connect without authentication if they can access the etcd server on the master nodes. An attacker could exploit this to read and modify data about the Openshift cluster in the etcd datastore, potentially adding another compute node or bringing down the entire cluster. **Recommendations** For versions prior to 3.9.23, update to version 3.9.23 or later to resolve the issue. For versions prior to 3.7.46, update to version 3.7.46 or later to resolve the issue. As a temporary workaround, consider restricting access to the etcd server on the master nodes to minimize the risk of exploitation.