Impact
The flaw occurs in the Windows Machine Config Operator for Red Hat OpenShift and allows the operator to open SSH sessions to Windows worker nodes without validating the remote host key. Because the host key is not checked, an attacker who can intercept or redirect traffic on the same network can capture the credentials transmitted during node configuration, such as *WICD* and *kubelet* bootstrap tokens. The result is the theft of authenticating credentials that grant control over the affected Windows node and potentially over the entire cluster if those nodes serve privileged functions. The weakness is a classic example of insecure use of cryptographic protocols, classified as CWE‑295.
Affected Systems
Red Hat OpenShift Container Platform 4 and Red Hat OpenShift for Windows Containers. No specific version range is listed in the CNA data, so any installation of the Windows Machine Config Operator that has not been updated to the latest release is considered vulnerable.
Risk and Exploitability
The CVSS score of 8.3 indicates a high severity vulnerability. With no EPSS score available, the likelihood of exploitation cannot be determined from the data, and the vulnerability is not currently reflected in CISA’s KEV catalog. The likely attack vector is an adjacent‑network attacker who can intercept or reroute the SSH traffic between WMCO and the Windows nodes. If the attacker succeeds in redirecting the session, they can capture the bootstrap credentials sent over the session and use them to assume node identity and further compromise the cluster. The exploitation is mitigated only by applying the official update that enforces host‑key verification.
OpenCVE Enrichment