Improper Certificate Validation Affecting atomic-openshift package, versions <0:3.2.1.17-1.git.0.6d01b60.el7


Severity

Recommended
0.0
high
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.46% (76th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL7-ATOMICOPENSHIFT-5271202
  • published27 Mar 2023
  • disclosed10 Oct 2016

Introduced: 10 Oct 2016

CVE-2016-7075  (opens in a new tab)
CWE-295  (opens in a new tab)

How to fix?

Upgrade RHEL:7 atomic-openshift to version 0:3.2.1.17-1.git.0.6d01b60.el7 or higher.
This issue was patched in RHSA-2016:2064.

NVD Description

Note: Versions mentioned in the description apply only to the upstream atomic-openshift package and not the atomic-openshift package as distributed by RHEL. See How to fix? for RHEL:7 relevant fixed versions and status.

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.