PT-2022-21391 · Red Hat · Openshift

Sage Mctaggart · Published 2022-12-09 · Updated 2023-02-12 · CVE-2022-3259

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Openshift version 4.9

Description: The issue is the lack of HTTP Strict Transport Security (HSTS) in Openshift, which may allow man-in-the-middle (MITM) attacks. HSTS is a security feature that helps prevent MITM attacks by instructing clients to communicate with the server only over an encrypted connection. Without HSTS, an attacker could potentially intercept and modify traffic.

Recommendations: For Openshift version 4.9, consider implementing HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to sensitive resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Weakness Enumeration: Improper Initialization

Related Identifiers: CVE-2022-3259, RHSA-2022:7398, RHSA-2023:1325

Affected Products: Openshift