Lucene search
Veracode Vulnerability DatabaseVERACODE:34855HistoryMar 28, 2022 - 3:27 a.m.
Man-in-the-Middle (MitM)
2022-03-2803:27:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
mitm
kubeclient
user credentials
crafted certificate
hard-coded
verify_none
custom ca
EPSS
0.001
Percentile
44.1%
kubeclient is vulnerable to man-in-the-middle attacks. The attacker is able to steal user credentials to the cluster via a crafted certificate because the context function in Config returns hard-coded VERIFY_NONE when the custom CA is not defined.
Related
osv
osv
CVE-2022-0759
2022-03-25 19:15:10
Improper Certificate Validation in kubeclient
2022-03-26 00:00:29
redhatcve
redhatcve
CVE-2022-0759
2022-03-23 18:11:26
cve
cve
CVE-2022-0759
2022-03-25 19:15:10
cvelist
cvelist
CVE-2022-0759
2022-03-25 18:03:10
prion
prion
Design/Logic Flaw
2022-03-25 19:15:00
debiancve
debiancve
CVE-2022-0759
2022-03-25 19:15:10
ubuntucve
ubuntucve
CVE-2022-0759
2022-03-25 00:00:00
rubygems
rubygems
Improper Certificate Validation in kubeclient
2022-03-25 21:00:00
nvd
nvd
CVE-2022-0759
2022-03-25 19:15:10
github
github
Improper Certificate Validation in kubeclient
2022-03-26 00:00:29
redhat
redhat
nessus
nessus
Rocky Linux 8 : Satellite 6.14 (RLSA-2023:6818)
2023-11-11 00:00:00
RHEL 8 : Satellite 6.14 (RHSA-2023:6818)
2024-04-29 00:00:00
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57