{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-10T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-10T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/moby/moby/pull/33182"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12608", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/moby/moby/pull/33182", "refsource": "MISC", "url": "https://github.com/moby/moby/pull/33182"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:38:06.338Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/moby/moby/pull/33182"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12608", "datePublished": "2018-09-10T17:00:00", "dateReserved": "2018-06-21T00:00:00", "dateUpdated": "2024-08-05T08:38:06.338Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "matchCriteriaId": "779519D6-D1A3-464C-9ECD-601E87099FFD", "versionEndExcluding": "17.06.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate."}, {"lang": "es", "value": "Se ha descubierto un problema en Docker Moby, en versiones anteriores a la 17.06.0. EL motor Docker valid\u00f3 el certificado TLS del cliente mediante el certificado root del CA del cliente configurado y todos los roots del sistema en sistemas que no son Windows. Esto permiti\u00f3 que un cliente con cualquier certificado de dominio validado por una CA root en la que conf\u00eda el sistema (al contrario que otro firmado por la CA root configurada) para autenticarse"}], "id": "CVE-2018-12608", "lastModified": "2018-11-19T16:29:35.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-10T17:29:00.287", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/moby/moby/pull/33182"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/grafana-rhel8:2.6.0-7", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.6.0-21", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.6.0-7", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-rhel8-operator:2.6.0-27", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.73.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.9-2", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/kiali-rhel8-operator:1.73.10-2", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/pilot-rhel8:2.6.0-19", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.6.0-8", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5094", "cpe": "cpe:/a:redhat:service_mesh:2.6::el9", "package": "openshift-service-mesh/proxyv2-rhel9:2.6.0-18", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 9", "release_date": "2024-08-07T00:00:00Z"}], "bugzilla": {"description": "moby: cert signing bypass", "id": "2275812", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275812"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-295", "details": ["An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.", "A certificate signing vulnerability was found in Moby. This issue could allow an unauthenticated remote attacker to validate a TLS certificate using Certificate Authorities (CA) from the system instead of only by a specified client CA root, which could allow bypassing of some certificate authorization rules, reducing system integrity."], "mitigation": {"lang": "en:us", "value": "Some environments may be able to mitigate this issue by removing extra CAs from the host."}, "name": "CVE-2018-12608", "package_state": [{"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/agent-service-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/proxyv2-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-api-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2018-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-12608\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12608\nhttps://github.com/golang/vulndb/issues/2209"], "threat_severity": "Moderate", "upstream_fix": "moby 17.06.0"}