{"containers": {"cna": {"affected": [{"product": "Openshift", "vendor": "n/a", "versions": [{"status": "affected", "version": "Openshift 4.9 onwards"}]}], "descriptions": [{"lang": "en", "value": "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T20:28:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-2403"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.025Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-2403"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2403", "datePublished": "2022-09-01T20:28:25", "dateReserved": "2022-07-14T00:00:00", "dateUpdated": "2024-08-03T00:39:07.025Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "06161168-9C83-4BA0-9451-7433AD38C43A", "versionStartIncluding": "4.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."}, {"lang": "es", "value": "Se ha encontrado un filtrado de credenciales en OpenShift Container Platform. La clave privada del certificado del cl\u00faster externo es almacenada de forma incorrecta en el ConfigMaps oauth-serving-cert, y era accesible para cualquier usuario o cuenta de servicio autenticada de OpenShift. Un usuario malicioso podr\u00eda aprovechar este fallo al leer el ConfigMap de oauth-serving-cert en el espacio de nombres openshift-config-managed, comprometiendo cualquier tr\u00e1fico web asegurado con ese certificado"}], "id": "CVE-2022-2403", "lastModified": "2024-11-21T07:00:55.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T21:15:09.497", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2403"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Colin Smith (yoloClin, Radiant Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:5664", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-cluster-authentication-operator:v4.10.0-202207160316.p0.g6a015c7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5879", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "package": "openshift4/ose-cluster-authentication-operator:v4.9.0-202208020055.p0.g265030f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2022-08-09T00:00:00Z"}], "bugzilla": {"description": "openshift: oauth-serving-cert configmap contains cluster certificate private key", "id": "2101959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-497", "details": ["A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.", "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. This flaw allows a malicious user to read the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."], "mitigation": {"lang": "en:us", "value": "Removal of the private key from the ConfigMap, or modification of the RBAC permissions is not a sufficient mitigation on its own, as these will both be restored by the authentication-operator.\nThis flaw can be mitigated by deploying a custom webhook which filters out the private key from the target ConfigMap, preventing it from being restored by the authentication-operator. An example of this can be found here:\nhttps://github.com/sfowl/configmap-cleaner\nAfter upgrading to a fixed version of OpenShift or applying the mitigation, all ingress certificates should be rotated:\nhttps://docs.openshift.com/container-platform/4.10/security/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress"}, "name": "CVE-2022-2403", "public_date": "2022-06-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2403\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2403"], "statement": "All versions of the OpenShift Container Platform 4.9 and later are affected by this vulnerability.", "threat_severity": "Important"}