An improper certificate validation flaw was found in OpenShift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows a malicious user to exploit an invalid certificate, resulting in a loss of confidentiality.
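To find Routes that match the configuration described above, the following added example (not code from Red Hat or from this page) lists re-encrypt Routes whose destinationCACertificate is the service CA. It assumes the Route list is JSON in the shape returned by `oc get routes -A -o json` and that the operator supplies the service CA PEM; the sample routes and certificates are constructed stand-ins.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 of each certificate's DER bytes in a PEM string."""
    return {hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest()
            for b in PEM_RE.findall(pem_text or "")}

def affected_routes(route_list, service_ca_pem):
    """(namespace, name) of re-encrypt Routes pinned to the service CA."""
    ca = cert_fingerprints(service_ca_pem)
    hits = []
    for item in route_list.get("items", []):
        tls = item.get("spec", {}).get("tls") or {}
        if (tls.get("termination") or "").lower() != "reencrypt":
            continue
        dest = cert_fingerprints(tls.get("destinationCACertificate"))
        # Compare decoded certificates, not raw text, so line-ending or
        # indentation differences in the manifest do not hide a match.
        if dest and dest <= ca:
            meta = item.get("metadata", {})
            hits.append((meta.get("namespace"), meta.get("name")))
    return hits

def fake_pem(label):
    """Constructed stand-in for a certificate; not a real X.509 object."""
    b64 = base64.b64encode(label).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def make_route(name, termination, dest_ca=None):
    tls = {"termination": termination}
    if dest_ca:
        tls["destinationCACertificate"] = dest_ca
    return {"metadata": {"namespace": "shop", "name": name},
            "spec": {"tls": tls}}

# Constructed sample data (hypothetical namespace, route names and CAs).
SERVICE_CA = fake_pem(b"constructed service CA")
PRIVATE_CA = fake_pem(b"constructed private CA")
SAMPLE_ROUTES = {"items": [
    make_route("web", "reencrypt", SERVICE_CA.replace("\n", "\r\n")),
    make_route("api", "reencrypt", PRIVATE_CA),
    make_route("docs", "reencrypt"),
    make_route("static", "edge"),
]}
```

Only `shop/web` is reported: it is the one re-encrypt Route with destinationCACertificate explicitly set to the service CA, and it is matched despite the different line endings.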
| Vulnerable Product |
|---|
| redhat openshift container platform 4.0 |
| redhat ansible automation platform 2.0 |
| fedoraproject fedora 34 |
| fedoraproject fedora 35 |