CVE-2022-2403

Description

A credentials leak was found in OpenShift Container Platform. The private key for the external cluster certificate was incorrectly stored in the oauth-serving-cert ConfigMaps, and ConfigMaps, unlike Secrets, are readable by any authenticated OpenShift user or service account under the default RBAC of those namespaces. A malicious user could exploit this by reading the oauth-serving-cert ConfigMap in either the openshift-config-managed or openshift-console namespace to obtain the private key behind the certificate that terminates TLS for the cluster's externally facing endpoints. With that key, an attacker on the network path can impersonate those endpoints to users (and so capture OAuth tokens and other credentials), and can decrypt any recorded sessions that were negotiated without forward secrecy.
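As an added check, not part of this advisory and not OpenShift's own code: the scanner below reads the JSON produced by `oc get configmap -A -o json` and reports every ConfigMap value that carries a PEM private-key block, which is exactly the condition behind this CVE. When nothing is piped in it runs on a constructed sample in which both oauth-serving-cert ConfigMaps contain a placeholder key. The `ca-bundle.crt` data key name, the sample objects and the PEM placeholder bodies are assumptions, not real cluster data or key material.

```python
"""Scan ConfigMaps for embedded PEM private keys (added example, not Red Hat code).

Intended input:  oc get configmap -A -o json | python3 scan_configmaps.py
With no piped input, the constructed SAMPLE below is scanned instead.
"""
import base64
import json
import re
import sys

# Any PEM private-key header: "-----BEGIN PRIVATE KEY-----" (PKCS#8),
# "-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----", etc.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----")


def _values(cm):
    """Yield (key, text) for every entry in data and binaryData of one ConfigMap."""
    for key, value in (cm.get("data") or {}).items():
        yield key, value
    for key, value in (cm.get("binaryData") or {}).items():
        # binaryData is base64 in the API object; a PEM key decodes to plain ASCII.
        try:
            yield key, base64.b64decode(value).decode("ascii", errors="ignore")
        except (ValueError, TypeError):
            continue


def find_private_keys(obj):
    """Return [(namespace, name, data_key, pem_type)] for every ConfigMap value that
    contains a PEM private-key block. Accepts a ConfigMapList or a single ConfigMap."""
    items = obj.get("items") or [] if obj.get("kind") == "ConfigMapList" else [obj]
    findings = []
    for cm in items:
        meta = cm.get("metadata", {})
        for key, text in _values(cm):
            m = PRIVATE_KEY_RE.search(text)
            if m:
                pem_type = m.group(1).strip() or "PKCS#8"
                findings.append((meta.get("namespace"), meta.get("name"), key, pem_type))
    return findings


# Constructed sample with placeholder PEM bodies (not real certificate or key material).
# The "ca-bundle.crt" data key is an assumption; the appended private key is the
# condition CVE-2022-2403 describes.
_CERT = "-----BEGIN CERTIFICATE-----\nMIIC...placeholder...\n-----END CERTIFICATE-----\n"
_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIE...placeholder...\n-----END RSA PRIVATE KEY-----\n"


def _cm(namespace, name, data):
    return {"kind": "ConfigMap", "apiVersion": "v1",
            "metadata": {"namespace": namespace, "name": name}, "data": data}


SAMPLE = {
    "kind": "ConfigMapList", "apiVersion": "v1",
    "items": [
        _cm("openshift-config-managed", "oauth-serving-cert", {"ca-bundle.crt": _CERT + _KEY}),
        _cm("openshift-console", "oauth-serving-cert", {"ca-bundle.crt": _CERT + _KEY}),
        _cm("openshift-config-managed", "default-ingress-cert", {"ca-bundle.crt": _CERT}),
    ],
}


def main():
    obj = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    findings = find_private_keys(obj)
    for ns, name, key, pem_type in findings:
        print(f"LEAK  {ns}/{name}  key={key}  type={pem_type}")
    if not findings:
        print("no private keys found in ConfigMap data")
    return 1 if findings else 0  # non-zero exit so it can gate a CI or audit job


if __name__ == "__main__":
    sys.exit(main())
```

On a live cluster the scan needs cluster-wide read on ConfigMaps; a non-zero exit means at least one key was found. The exposure itself, rather than the leak, can be confirmed from the unprivileged side with `oc auth can-i get configmap/oauth-serving-cert -n openshift-config-managed --as=system:serviceaccount:default:default`: if that returns "yes", any workload's default service account can read whatever the ConfigMap holds.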

Statement

OpenShift Container Platform versions prior to 4.9 are not affected by this vulnerability.

Additional Information

  • Bugzilla 2101959: CVE-2022-2403 openshift: oauth-serving-cert configmap contains cluster certificate private key
  • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • FAQ: Frequently asked questions about CVE-2022-2403