In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10 Android-11 Android ID: A-171980069 https://android.googlesource.com/platform/external/okhttp/+/ddc934efe3ed06ce34f3724d41cfbdcd7e7358fc%5E%21/#F1
Created log4j tracking bugs for this issue: Affects: fedora-all [bug 2159795]
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:0756 https://access.redhat.com/errata/RHSA-2023:0756
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-0341
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:2706 https://access.redhat.com/errata/RHSA-2023:2706
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:2707 https://access.redhat.com/errata/RHSA-2023:2707
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:2705 https://access.redhat.com/errata/RHSA-2023:2705
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:2713 https://access.redhat.com/errata/RHSA-2023:2713
This issue has been addressed in the following products: Red Hat Data Grid 8.4.2 Via RHSA-2023:2723 https://access.redhat.com/errata/RHSA-2023:2723
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:2710 https://access.redhat.com/errata/RHSA-2023:2710
This issue has been addressed in the following products: Red Hat AMQ Streams 2.4.0 Via RHSA-2023:3223 https://access.redhat.com/errata/RHSA-2023:3223