CVE-2021-3636 - OpenCVE

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openshift

Configuration 1 [-]

cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1978621	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-07-30T19:27:06

Updated: 2021-07-30T19:27:06

Reserved: 2021-07-02T00:00:00

Link: CVE-2021-3636

JSON object: View

NVD Information

Status : Modified

Published: 2021-07-30T20:15:07.687

Modified: 2023-11-07T03:38:10.630

Link: CVE-2021-3636

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "openshift", "vendor": "n/a", "versions": [{"status": "affected", "version": "openshift 4.8"}]}], "descriptions": [{"lang": "en", "value": "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295->CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-30T19:27:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3636", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openshift", "version": {"version_data": [{"version_value": "openshift 4.8"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295->CWE-287"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3636", "datePublished": "2021-07-30T19:27:06", "dateReserved": "2021-07-02T00:00:00", "dateUpdated": "2021-07-30T19:27:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "204FB913-E9B7-448F-8557-4100BF2ADDA9", "versionEndExcluding": "4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service."}, {"lang": "es", "value": "Se encontr\u00f3 en OpenShift, anterior a versi\u00f3n 4.8, que el certificado generado para la CA de servicio en el cl\u00faster, inclu\u00eda incorrectamente certificados adicionales. La CA de servicio se monta autom\u00e1ticamente en todos los pods, permiti\u00e9ndoles conectarse de forma segura a los servicios confiables del cl\u00faster que presentan certificados firmados por la CA de servicio confiable. Una inclusi\u00f3n incorrecta de CAs adicionales en este certificado podr\u00eda permitir a un atacante que comprometiera cualquiera de las CAs adicionales hacerse pasar por un servicio confiable dentro del cl\u00faster"}], "id": "CVE-2021-3636", "lastModified": "2023-11-07T03:38:10.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-30T20:15:07.687", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "secalert@redhat.com", "type": "Secondary"}]}