A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2101959 | Issue Tracking Patch Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2022-2403 | Vendor Advisory |
Configurations
Information
Published : 2022-09-01 14:15
Updated : 2023-02-12 14:15
NVD link : CVE-2022-2403
Mitre link : CVE-2022-2403
JSON object : View
CWE
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Products Affected
redhat
- openshift