CVE-2021-3636
MEDIUMOpenShift < 4.8 - Improper Certificate Validation in Service CA
Title source: llmDescription
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1978621
Scores
CVSS v3
4.6
EPSS
0.0003
EPSS Percentile
9.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-295
CWE-287
Status
published
Products (1)
redhat/openshift
< 4.8
Published
Jul 30, 2021
Tracked Since
Feb 18, 2026