{
  "threat_severity" : "Important",
  "public_date" : "2016-10-10T00:00:00Z",
  "bugzilla" : {
    "description" : "3: API server does not validate client-provided intermediate certificates correctly",
    "id" : "1384112",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1384112"
  },
  "cvss" : {
    "cvss_base_score" : "7.8",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:C/A:N",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-295",
  "details" : [ "It was found that Kubernetes, as used by OpenShift Enterprise 3, did not correctly validate the host name fields of X.509 client intermediate certificates. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.", "It was found that Kubernetes did not correctly validate the host name fields of X.509 client intermediate certificates. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.2",
    "release_date" : "2016-10-17T00:00:00Z",
    "advisory" : "RHSA-2016:2064",
    "cpe" : "cpe:/a:redhat:openshift:3.2::el7",
    "package" : "atomic-openshift-0:3.2.1.17-1.git.0.6d01b60.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.3",
    "release_date" : "2016-10-17T00:00:00Z",
    "advisory" : "RHSA-2016:2064",
    "cpe" : "cpe:/a:redhat:openshift:3.3::el7",
    "package" : "atomic-openshift-0:3.3.0.35-1.git.0.d7bd9b6.el7"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 3.1",
    "release_date" : "2016-10-17T00:00:00Z",
    "advisory" : "RHSA-2016:2064",
    "cpe" : "cpe:/a:redhat:openshift:3.1::el7",
    "package" : "atomic-openshift-0:3.1.1.8-1.git.0.d469026.el7aos"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-7075\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7075" ],
  "name" : "CVE-2016-7075",
  "csaw" : false
}