The `oauth-serving-cert` configmap in the openshift-config-managed and openshift-console projects contains the private key of the cluster external certificate.
Upstream fix: https://github.com/openshift/cluster-authentication-operator/pull/573
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:5664 https://access.redhat.com/errata/RHSA-2022:5664
Hi everyone, is there any existing plan to back-port the fix to OpenShift v4.9 as well? Thanks in advance, Marcus
Hi Marcus, The fix for 4.9 is tracked in BZ 2107027.
THX @oarribas, unfortunately I'm not allowed to access it. Is there a reason why for v4.9 it's a private RH BZ... and for v4.10 it's public?
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:5879 https://access.redhat.com/errata/RHSA-2022:5879
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2403
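A defender-side check for the condition this bug describes, added here as an example and not taken from the bug report or the upstream fix: it scans the JSON printed by `oc get configmap <name> -n <namespace> -o json` for PEM private-key headers in every entry. The sample manifest, its entry names and the function names are constructed for illustration.

```python
import base64
import json
import re

# PEM armor header, e.g. "-----BEGIN RSA PRIVATE KEY-----".
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def audit_configmap(manifest_json):
    """Summarise the PEM blocks found in each entry of a ConfigMap manifest."""
    manifest = json.loads(manifest_json)
    entries = dict(manifest.get("data") or {})
    # binaryData values are base64-encoded; decode them before scanning.
    for key, value in (manifest.get("binaryData") or {}).items():
        entries[key] = base64.b64decode(value).decode("latin-1")
    report = {}
    for key, text in entries.items():
        labels = PEM_BEGIN.findall(text)
        report[key] = {
            "certificates": labels.count("CERTIFICATE"),
            # Matches PKCS#8 "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ...
            "private_keys": [l for l in labels if l.endswith("PRIVATE KEY")],
        }
    return report


def leaking_entries(report):
    return sorted(k for k, v in report.items() if v["private_keys"])


def _pem(label):
    # Constructed placeholder block; the body is not real key material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed sample manifest; the entry names are made up for this example.
SAMPLE = json.dumps({
    "metadata": {"name": "oauth-serving-cert", "namespace": "openshift-config-managed"},
    "data": {
        "clean-example.crt": _pem("CERTIFICATE"),
        "leaky-example.crt": _pem("CERTIFICATE") + _pem("RSA PRIVATE KEY"),
    },
    "binaryData": {
        "leaky-example.bin": base64.b64encode(_pem("PRIVATE KEY").encode()).decode(),
    },
})

if __name__ == "__main__":
    print("entries with private key material:", leaking_entries(audit_configmap(SAMPLE)))
```

A configmap that is meant to distribute a serving certificate or CA bundle should report only `certificates` and an empty `private_keys` list for every entry.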