Vulnerability Name:

CVE-2021-3636 (CCN-206555)

Assigned:2021-07-02
Published:2021-07-02
Updated:2022-10-27
Summary:It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
CVSS v3 Severity:4.6 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
4.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
4.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.1 Medium (CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
4.1 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-287
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2021-3636

Source: CCN
Type: Red Hat Bugzilla - Bug 1978621
CVE-2021-3636 openshift: Injected service-ca.crt incorrectly contains additional internal CAs

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1978621

Source: XF
Type: UNKNOWN
redhat-cve20213636-sec-bypass(206555)

Source: CCN
Type: Mend Vulnerability Database
CVE-2021-3636

Source: CCN
Type: Red Hat Web site
Red Hat OpenShift Container Platform

Vulnerable Configuration:Configuration 1:
  • cpe:/a:redhat:openshift:*:*:*:*:*:*:*:* (Version < 4.8)

    • Configuration CCN 1:
  • cpe:/a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    redhat openshift *
    redhat openshift container platform 4.7