15 matches found
CVE-2026-27134
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted...
EUVD-2017-11799
Malware in sbrugna...
CVE-2025-9708 Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...
PT-2025-38069
Name of the Vulnerable Software and Affected Versions: Kubernetes C# client versions prior to 17.0.14. Description: A flaw exists in the Kubernetes C# client's certificate validation logic, allowing it to accept certificates from any Certificate Authority (CA) without proper trust chain verification. Th...
kubeclient: kubeconfig parsing error can lead to MITM attacks
A flaw was found in kubeclient, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage...
Man-in-the-Middle (MitM)
kubeclient is vulnerable to man-in-the-middle attacks. The attacker is able to steal user credentials to the cluster via a crafted certificate because the context function in Config returns hard-coded VERIFY_NONE when the custom CA is not defined...
DEBIAN-CVE-2022-0759
A flaw was found in all versions of kubeclient up to but not including v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns...
UBUNTU-CVE-2022-0759
A flaw was found in all versions of kubeclient up to but not including v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns...
osbuild-composer bug fix and enhancement update
An update is available for osbuild, osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OSBuild-Composer provides an image-building service based o...
osbuild-composer bug fix and enhancement update
OSBuild-Composer provides an image-building service based on OSBuild. Bug fixes and Enhancements: OSBuild Composer can now work with multiple subscriptions and custom CA certificates. This is useful, for instance, when the host system is subscribed to multiple repositories managed by Satellite...
Certificate Validation Bypass
CloudForms is vulnerable to certificate validation bypass. This is because CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. An attacker could potentially harvest...
Code injection
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...
CloudForms: cloudforms fails to properly check certificates when communicating with RHEV and OpenShift and custom CA
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...
SSL Custom CA Setup
Configure the loading of the certificate authorities for SSL validation. This will load the Tenable-managed default certificate authorities and allow Nessus users to load custom certificate authorities. Multiple custom CA files are available to help with the management of custom certificate...