An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.
Metrics
Affected Vendors & Products
References
History
Thu, 08 Aug 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat service Mesh |
|
CPEs | cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9 |
|
Vendors & Products |
Redhat
Redhat service Mesh |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-10T17:00:00
Updated: 2024-08-05T08:38:06.338Z
Reserved: 2018-06-21T00:00:00
Link: CVE-2018-12608
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-09-10T17:29:00.287
Modified: 2018-11-19T16:29:35.430
Link: CVE-2018-12608
Redhat