Back to bug 1384112

Who When What Removed Added
Kurt Seifried 2016-10-12 15:06:37 UTC CC security-response-team
Kurt Seifried 2016-10-12 15:07:52 UTC Whiteboard impact=important,public=no,reported=20161012,source=redhat,cvss2=7.8/AV:N/AC:L/Au:N/C:N/I:C/A:N,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-295,openshift-enterprise-3/Security=affected impact=important,public=20161010,reported=20161012,source=redhat,cvss2=7.8/AV:N/AC:L/Au:N/C:N/I:C/A:N,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-295,openshift-enterprise-3/Security=affected
Kurt Seifried 2016-10-12 15:08:19 UTC Summary EMBARGOED CVE-2016-7075 OpenShift 3: API server does not validate client-provided intermediate certificates correctly CVE-2016-7075 OpenShift 3: API server does not validate client-provided intermediate certificates correctly
Kurt Seifried 2016-10-12 15:08:24 UTC Group security, qe_staff
Kurt Seifried 2016-10-12 15:13:03 UTC Depends On 1384120
Kurt Seifried 2016-10-12 16:49:04 UTC Doc Text It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
Kurt Seifried 2016-10-12 17:20:40 UTC Blocks 1384165
weiwei jiang 2016-10-13 16:53:22 UTC CC wjiang
Jordan Liggitt 2016-10-19 17:16:43 UTC CC jliggitt
John Skeoch 2016-10-30 22:55:56 UTC CC wjiang wsun
PnT Account Manager 2018-06-29 22:15:22 UTC CC kseifried
PnT Account Manager 2018-08-31 21:38:39 UTC CC jliggitt
Product Security DevOps Team 2019-06-08 03:00:01 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2019-06-08 03:00:01 UTC
Product Security DevOps Team 2019-09-29 13:57:57 UTC Whiteboard impact=important,public=20161010,reported=20161012,source=redhat,cvss2=7.8/AV:N/AC:L/Au:N/C:N/I:C/A:N,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-295,openshift-enterprise-3/Security=affected