An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.
[
{
"vendor": "n/a",
"product": "Openshift",
"versions": [
{
"version": "4.8.17",
"status": "affected"
}
]
}
]