CVE-2016-7075

It was found that Kubernetes, as used by OpenShift Enterprise 3, did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
References
Configurations

Configuration 1

cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 02:57

Type | Values Removed | Values Added
CVSS | v2 : 6.8, v3 : 8.1 | v2 : 6.8, v3 : 7.5
References | https://access.redhat.com/errata/RHSA-2016:2064 - Third Party Advisory | https://access.redhat.com/errata/RHSA-2016:2064 - Third Party Advisory
References | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 - Issue Tracking, Third Party Advisory | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 - Issue Tracking, Third Party Advisory
References | https://github.com/kubernetes/kubernetes/issues/34517 - Exploit, Patch, Third Party Advisory | https://github.com/kubernetes/kubernetes/issues/34517 - Exploit, Patch, Third Party Advisory

Information

Published : 2018-09-10 14:29

Updated : 2024-11-21 02:57


NVD link : CVE-2016-7075

Mitre link : CVE-2016-7075

CVE.ORG link : CVE-2016-7075



Products Affected

redhat

  • openshift

kubernetes

  • kubernetes
CWE
CWE-295

Improper Certificate Validation