CVE-2021-3636
Summary
| CVE | CVE-2021-3636 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-07-30 20:15:00 UTC |
| Updated | 2023-11-07 03:38:00 UTC |
| Description | It was found in OpenShift, before version 4.8, that the generated certificate bundle for the in-cluster Service CA (service-ca.crt) incorrectly included additional internal CA certificates. The Service CA bundle is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. Because the bundle incorrectly included additional CAs, an attacker who compromises any of those additional CAs can masquerade as a trusted in-cluster service. |
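The description above spells out the trust model: a pod trusts every issuer in its mounted service-ca.crt, so any certificate in that file beyond the Service CA itself widens what the pod will accept as an in-cluster service. Below is an added example check, written for this page and not code from OpenShift or Red Hat, that splits the bundle into its certificates, fingerprints each one, and reports anything other than the expected Service CA. The mount path, the namespace and secret name, and pinning the expected CA by SHA-256 fingerprint are assumptions; the sample bundles are constructed placeholder data, not real certificates.

```python
"""Audit an OpenShift service-ca.crt bundle for unexpected extra CAs.

Added example for CVE-2021-3636; not code from OpenShift or Red Hat.
Assumptions (not from the advisory): the bundle is the file mounted into pods
at /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt, and the
expected Service CA is identified by the SHA-256 fingerprint of the cluster's
own Service CA certificate (e.g. from the signing-key secret in the
openshift-service-ca namespace).
"""
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def split_pem_bundle(pem_text: str) -> list:
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle."""
    ders = []
    for match in PEM_BLOCK.finditer(pem_text):
        body = "".join(match.group(1).split())  # drop line breaks and spaces
        ders.append(base64.b64decode(body, validate=True))
    return ders


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated like openssl."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_service_ca_bundle(pem_text: str, expected_fp: str) -> dict:
    """Check that the bundle holds exactly the expected Service CA.

    Returns the number of certificates found, whether the expected CA is
    present, and the fingerprints of every other certificate. A pod trusts
    all issuers in this file, so each 'extra' entry is a trust expansion
    that must be explained (rotation in progress) or treated as the bug.
    """
    fps = [fingerprint(der) for der in split_pem_bundle(pem_text)]
    extra = [fp for fp in fps if fp != expected_fp]
    return {
        "count": len(fps),
        "expected_present": expected_fp in fps,
        "extra": extra,
        "ok": len(fps) == 1 and expected_fp in fps,
    }


def _constructed_pem(der: bytes) -> str:
    """Wrap bytes in PEM armour (constructed sample data, not a real cert)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample: placeholder DER payloads standing in for real certificates.
SERVICE_CA_DER = b"constructed placeholder: openshift service serving signer"
EXTRA_CA_DER = b"constructed placeholder: some other internal CA"
EXPECTED_FP = fingerprint(SERVICE_CA_DER)

# A healthy bundle carries only the Service CA; the vulnerable one carries more.
GOOD_BUNDLE = _constructed_pem(SERVICE_CA_DER)
BAD_BUNDLE = GOOD_BUNDLE + _constructed_pem(EXTRA_CA_DER)

if __name__ == "__main__":
    for name, bundle in (("good", GOOD_BUNDLE), ("bad", BAD_BUNDLE)):
        print(name, audit_service_ca_bundle(bundle, EXPECTED_FP))
```

On a real cluster, feed `audit_service_ca_bundle` the contents of the file mounted in a pod (the assumed path above) and the fingerprint of your actual Service CA certificate, which `openssl x509 -in <ca.crt> -noout -fingerprint -sha256` prints in the same colon-separated form. To simply list what is in a bundle, `openssl crl2pkcs7 -nocrl -certfile service-ca.crt | openssl pkcs7 -print_certs -noout` prints every subject and issuer. One caveat: a second entry can be legitimate while a Service CA rotation is in progress, so compare extras against your own CA history before concluding a bundle is affected.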
Risk And Classification
Problem Types: CWE-287 (Improper Authentication)
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1978621 – (CVE-2021-3636) CVE-2021-3636 openshift: Injected service-ca.crt incorrectly contains additional internal CAs | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 239525 Red Hat Update for OpenShift Container Platform 4.8.2 (RHSA-2021:2437)
- 375759 Putty Multiple Security Vulnerabilities
- 375787 Nagios XI Multiple Vulnerabilities
- 770074 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2021:2437)
- 770111 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2021-2437)