CVE-2023-4586 – Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack

https://notcve.org/view.php?id=CVE-2023-4586

04 Oct 2023 — A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. Se encontró una vulnerabilidad en el cliente Hot Rod. Este problema de seguridad ocurre porque el cliente Hot Rod no habilita la validación del nombre de host cuando usa TLS, lo que posiblemente resulte en un ataque de man-in-the-middle (MITM). An update for Red Hat Data Grid 8 is now available. • https://access.redhat.com/errata/RHSA-2023:7676 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •