Back to search
CVE-2022-2403
Published: Sep 1, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
| Vendor | Product | Versions |
|---|---|---|
n/a | Openshift | affected Openshift 4.9 onwards |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=2101959
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-2403
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now