{"containers": {"cna": {"affected": [{"product": "OpenShift", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-11T09:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubernetes/kubernetes/issues/34517"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"}, {"name": "RHSA-2016:2064", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:2064"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:47.447Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/34517"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"}, {"name": "RHSA-2016:2064", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:2064"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-7075", "datePublished": "2018-09-10T14:00:00.000Z", "dateReserved": "2016-08-23T00:00:00.000Z", "dateUpdated": "2024-08-06T01:50:47.447Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*", "matchCriteriaId": "14C32308-314D-4E0D-B15F-6A68DF21E9F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F8E35FAB-695F-44DA-945D-60B47C1F200B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F33CEF04-05FA-444C-BB14-F3E3434AF61F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "84C890EC-229B-458B-AEF7-EA03C6248A25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."}, {"lang": "es", "value": "Se ha descubierto que Kubernetes, tal y como se emplea en Openshift Enterprise 3, no valida los campos de nombre del host del certificado intermediario de cliente X.509. Un atacante podr\u00eda emplear este error para omitir los requisitos de autenticaci\u00f3n mediante el uso de un certificado X.509 especialmente manipulado"}], "id": "CVE-2016-7075", "lastModified": "2024-11-21T02:57:24.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-10T14:29:00.800", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:2064"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/34517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:2064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/34517"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2064", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "atomic-openshift-0:3.2.1.17-1.git.0.6d01b60.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-10-17T00:00:00Z"}, {"advisory": "RHSA-2016:2064", "cpe": "cpe:/a:redhat:openshift:3.3::el7", "package": "atomic-openshift-0:3.3.0.35-1.git.0.d7bd9b6.el7", "product_name": "Red Hat OpenShift Container Platform 3.3", "release_date": "2016-10-17T00:00:00Z"}, {"advisory": "RHSA-2016:2064", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "atomic-openshift-0:3.1.1.8-1.git.0.d469026.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-10-17T00:00:00Z"}], "bugzilla": {"description": "3: API server does not validate client-provided intermediate certificates correctly", "id": "1384112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384112"}, "csaw": false, "cvss": {"cvss_base_score": "7.8", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-295", "details": ["It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.", "It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."], "name": "CVE-2016-7075", "public_date": "2016-10-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7075\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7075"], "threat_severity": "Important"}

{}