9 matches found
OpenShift: Missing HTTP Strict Transport Security
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks...
CVE-2022-3259
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks...
Design/Logic Flaw
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks...
PT-2022-21391 · Red Hat · Openshift
Name of the Vulnerable Software and Affected Versions: Openshift version 4.9. Description: The issue is related to the lack of HTTP Strict Transport Security (HSTS) in Openshift, which may allow man-in-the-middle (MITM) attacks. HSTS is a security feature that helps prevent MITM attacks by ensuring th...
CVE-2022-3259
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks...
Red Hat OpenShift Security Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift version 4.9. An attacker exploited the vulnerability to perform a man-in-the-midd...
CVE-2022-3259
CVE-2022-3259 is confirmed in multiple connected advisories as OpenShift Container Platform components failing to use HTTP Strict Transport Security (HSTS), which may enable MITM attacks (noted for OpenShift 4.9; also reflected in later RHSA/RHOS advisories). The issue is tied to Missin...
CVE-2022-3259
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks...
Authorization Bypass
haproxy is vulnerable to authorization bypass. Lack of validation of the HTTP Host header could potentially result in bypass of access controls due to a mishandling of the Host and authority. The fix for the original CVE is correctly included in OpenShift 4.9.11. The release of OpenShift 4.9.6...