Red Hat · OpenShift Router · CVE-2026-46579
**Name of the Vulnerable Software and Affected Versions**
OpenShift Router (affected versions not specified)
**Description**
A flaw in the router's HTTP frontend occurs when a Route has `insecureEdgeTerminationPolicy` set to `Allow`, the setting that lets the route accept plain HTTP in addition to TLS. In this configuration the router fails to strip `X-SSL-Client-*` headers from incoming requests, the headers a backend reads to learn which client certificate the router verified. An unauthenticated attacker can therefore send a plain HTTP request carrying crafted `X-SSL-Client-*` headers, and a backend that relies on those headers for mutual TLS authentication (where the client, not only the server, proves its identity with a certificate) will accept the forged values. The attacker can thus impersonate any client-certificate identity the backend trusts, without ever completing a TLS handshake.
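The following Python script is an added example, not code from Red Hat or the OpenShift router project. It shows the two checks a practitioner would want for the condition described above: an audit that finds every Route whose `insecureEdgeTerminationPolicy` is `Allow` (the only setting under which the router forwards plain HTTP, and therefore spoofable headers, to the backend), and a backend-side filter that discards `X-SSL-Client-*` headers on requests that did not arrive over TLS. The Route objects are a constructed sample in the shape of `oc get routes -A -o json`; the filter assumes the router sets `X-Forwarded-Proto` from the frontend the request really arrived on rather than passing a client-supplied value through, which is not stated on the page and should be confirmed for your router version.

```python
"""Audit and defence-in-depth helpers for the X-SSL-Client-* spoofing
condition. Added example; not Red Hat / OpenShift router code.

Assumptions (not stated on the advisory page):
  * Route objects have the shape returned by `oc get routes -A -o json`
    (items[].spec.tls.insecureEdgeTerminationPolicy);
  * the router sets X-Forwarded-Proto to "http" or "https" according to the
    frontend the request actually arrived on, overriding any client value.
"""
import json
from typing import Iterable

# Constructed sample in the shape of `oc get routes -A -o json`: one edge
# route that accepts plain HTTP (the vulnerable setting), one that redirects
# plain HTTP to TLS, and one passthrough route that carries no policy.
SAMPLE_ROUTES_JSON = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"metadata": {"namespace": "payments", "name": "api"},
         "spec": {"host": "api.example.test",
                  "tls": {"termination": "edge",
                          "insecureEdgeTerminationPolicy": "Allow"}}},
        {"metadata": {"namespace": "payments", "name": "web"},
         "spec": {"host": "web.example.test",
                  "tls": {"termination": "edge",
                          "insecureEdgeTerminationPolicy": "Redirect"}}},
        {"metadata": {"namespace": "infra", "name": "vault"},
         "spec": {"host": "vault.example.test",
                  "tls": {"termination": "passthrough"}}},
    ],
})

# Any header with this prefix conveys client-certificate identity and must
# only be trusted when the router, not the client, produced it.
SPOOFABLE_PREFIX = "x-ssl-client-"


def find_allow_routes(routes_json: str) -> list[tuple[str, str, str]]:
    """Return (namespace, name, termination) for every Route whose TLS stanza
    sets insecureEdgeTerminationPolicy to Allow, i.e. every Route on which
    the router forwards plain-HTTP requests to the backend."""
    findings = []
    for item in json.loads(routes_json).get("items", []):
        tls = item.get("spec", {}).get("tls") or {}
        if tls.get("insecureEdgeTerminationPolicy") == "Allow":
            meta = item.get("metadata", {})
            findings.append((meta.get("namespace", ""), meta.get("name", ""),
                             tls.get("termination", "")))
    return findings


def drop_unverified_client_cert_headers(
        headers: Iterable[tuple[str, str]]) -> list[tuple[str, str]]:
    """Backend-side defence in depth: keep X-SSL-Client-* headers only when
    the request reached the router over TLS (X-Forwarded-Proto: https,
    assumed to be router-set). On a plain-HTTP request no client certificate
    could have been presented, so such headers are attacker-supplied."""
    pairs = list(headers)
    proto = next((v.strip().lower() for k, v in pairs
                  if k.lower() == "x-forwarded-proto"), "")
    if proto == "https":
        return pairs
    return [(k, v) for k, v in pairs
            if not k.lower().startswith(SPOOFABLE_PREFIX)]


if __name__ == "__main__":
    for ns, name, term in find_allow_routes(SAMPLE_ROUTES_JSON):
        print(f"{ns}/{name}: {term} route forwards plain HTTP; set "
              "insecureEdgeTerminationPolicy to Redirect or None")
    # Constructed plain-HTTP request carrying forged identity headers.
    forged = [("Host", "api.example.test"),
              ("X-Forwarded-Proto", "http"),
              ("X-SSL-Client-DN", "CN=admin,O=Example"),
              ("X-SSL-Client-SHA1", "0" * 40)]
    print(drop_unverified_client_cert_headers(forged))
```

Run the audit against real cluster output with `oc get routes -A -o json | python3 audit.py` after replacing `SAMPLE_ROUTES_JSON` with `sys.stdin.read()`. The header filter is a stop-gap for backends that cannot immediately change their Route: the actual fix is to stop forwarding plain HTTP to any backend that trusts these headers.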
**Recommendations**
No fixed version has been published at the time of writing. Until one is, the description itself points to the mitigation: do not set `insecureEdgeTerminationPolicy: Allow` on any Route whose backend trusts `X-SSL-Client-*` headers (use `Redirect` or `None`, which keep plain HTTP away from the backend), and have such backends treat those headers as unverified on any request that did not arrive over TLS.