Vulnerability Description
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | - |
| Redhat | Openshift | 3.1 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2016:2064Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075Issue TrackingThird Party Advisory
- https://github.com/kubernetes/kubernetes/issues/34517ExploitPatchThird Party Advisory
- https://access.redhat.com/errata/RHSA-2016:2064Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075Issue TrackingThird Party Advisory
- https://github.com/kubernetes/kubernetes/issues/34517ExploitPatchThird Party Advisory
FAQ
What is CVE-2016-7075?
CVE-2016-7075 is a vulnerability with a CVSS score of 7.5 (HIGH). It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authenticati...
How severe is CVE-2016-7075?
CVE-2016-7075 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7075?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Kubernetes, Redhat Openshift.