CVE-2023-4586 – Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack

https://notcve.org/view.php?id=CVE-2023-4586

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. Se encontró una vulnerabilidad en el cliente Hot Rod. Este problema de seguridad ocurre porque el cliente Hot Rod no habilita la validación del nombre de host cuando usa TLS, lo que posiblemente resulte en un ataque de man-in-the-middle (MITM). • https://access.redhat.com/errata/RHSA-2023:7676 https://access.redhat.com/security/cve/CVE-2023-4586 https://bugzilla.redhat.com/show_bug.cgi?id=2235564 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •