CVE-2022-1632
published 2022-09-01CVE-2022-1632: An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| redhat | ansible_automation_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |