An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.
History

Thu, 08 Aug 2024 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat service Mesh
CPEs cpe:/a:redhat:service_mesh:2.6::el8
cpe:/a:redhat:service_mesh:2.6::el9
Vendors & Products Redhat
Redhat service Mesh

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-10T17:00:00

Updated: 2024-08-05T08:38:06.338Z

Reserved: 2018-06-21T00:00:00

Link: CVE-2018-12608

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-09-10T17:29:00.287

Modified: 2018-11-19T16:29:35.430

Link: CVE-2018-12608

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-10-09T00:00:00Z

Links: CVE-2018-12608 - Bugzilla