CVE-2022-2403 - OpenCVE

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift

Configuration 1 [-]

cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.10
openshift4/ose-cluster-authentication-operator:v4.10.0-202207160316.p0.g6a015c7.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2022:5664	2022-07-25T00:00:00Z
Red Hat OpenShift Container Platform 4.9
openshift4/ose-cluster-authentication-operator:v4.9.0-202208020055.p0.g265030f.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2022:5879	2022-08-09T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2022-2403
https://bugzilla.redhat.com/show_bug.cgi?id=2101959
https://nvd.nist.gov/vuln/detail/CVE-2022-2403
https://www.cve.org/CVERecord?id=CVE-2022-2403

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-09-01T20:28:25

Updated: 2024-08-03T00:39:07.025Z

Reserved: 2022-07-14T00:00:00

Link: CVE-2022-2403

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-01T21:15:09.497

Modified: 2023-02-12T22:15:27.373

Link: CVE-2022-2403

Redhat

Severity : Important

Publid Date: 2022-06-28T00:00:00Z

Links: CVE-2022-2403 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "06161168-9C83-4BA0-9451-7433AD38C43A", "versionStartIncluding": "4.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."}, {"lang": "es", "value": "Se ha encontrado un filtrado de credenciales en OpenShift Container Platform. La clave privada del certificado del cl\u00faster externo es almacenada de forma incorrecta en el ConfigMaps oauth-serving-cert, y era accesible para cualquier usuario o cuenta de servicio autenticada de OpenShift. Un usuario malicioso podr\u00eda aprovechar este fallo al leer el ConfigMap de oauth-serving-cert en el espacio de nombres openshift-config-managed, comprometiendo cualquier tr\u00e1fico web asegurado con ese certificado"}], "id": "CVE-2022-2403", "lastModified": "2023-02-12T22:15:27.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T21:15:09.497", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2403"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Colin Smith (yoloClin, Radiant Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:5664", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-cluster-authentication-operator:v4.10.0-202207160316.p0.g6a015c7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5879", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "package": "openshift4/ose-cluster-authentication-operator:v4.9.0-202208020055.p0.g265030f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2022-08-09T00:00:00Z"}], "bugzilla": {"description": "openshift: oauth-serving-cert configmap contains cluster certificate private key", "id": "2101959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-497", "details": ["A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.", "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. This flaw allows a malicious user to read the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."], "mitigation": {"lang": "en:us", "value": "Removal of the private key from the ConfigMap, or modification of the RBAC permissions is not a sufficient mitigation on its own, as these will both be restored by the authentication-operator.\nThis flaw can be mitigated by deploying a custom webhook which filters out the private key from the target ConfigMap, preventing it from being restored by the authentication-operator. An example of this can be found here:\nhttps://github.com/sfowl/configmap-cleaner\nAfter upgrading to a fixed version of OpenShift or applying the mitigation, all ingress certificates should be rotated:\nhttps://docs.openshift.com/container-platform/4.10/security/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress"}, "name": "CVE-2022-2403", "public_date": "2022-06-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2403\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2403"], "statement": "All versions of the OpenShift Container Platform 4.9 and later are affected by this vulnerability.", "threat_severity": "Important"}