CVE-2016-7075

Sažetak

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

Reference

https://github.com/kubernetes/kubernetes/issues/34517
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075
https://access.redhat.com/errata/RHSA-2016:2064

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-02-2023 - 23:25

Objavljeno

10-09-2018 - 14:29