PT-2018-4981 · Linux Foundation+1 · Kubernetes+1

Liggitt · Published 2018-09-10 · Updated 2023-02-12 · CVE-2016-7075

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Openshift Enterprise 3

Description: A flaw was found in the validation of X.509 client intermediate certificate host name fields in Kubernetes as used by Openshift Enterprise. This could allow an attacker to bypass authentication requirements using a specially crafted X.509 certificate.

Recommendations: For Openshift Enterprise 3, update the Kubernetes component to correctly validate X.509 client intermediate certificate host name fields. As a temporary workaround, consider restricting access to sensitive resources that rely on X.509 certificate authentication until a patch is available.

Exploit

Fix

Improper Certificate Validation


Weakness Enumeration

Related Identifiers

CVE-2016-7075
RHSA-2016:2064

Affected Products

Kubernetes
Openshift Enterprise