CVE-2016-7075 – 3: API server does not validate client-provided intermediate certificates correctly

https://notcve.org/view.php?id=CVE-2016-7075

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. Se ha descubierto que Kubernetes, tal y como se emplea en Openshift Enterprise 3, no valida los campos de nombre del host del certificado intermediario de cliente X.509. Un atacante podría emplear este error para omitir los requisitos de autenticación mediante el uso de un certificado X.509 especialmente manipulado It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. • https://access.redhat.com/errata/RHSA-2016:2064 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 https://github.com/kubernetes/kubernetes/issues/34517 https://access.redhat.com/security/cve/CVE-2016-7075 https://bugzilla.redhat.com/show_bug.cgi?id=1384112 • CWE-295: Improper Certificate Validation •