N/A

A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.

N/A

使用硬编码的密码学密钥

Red Hat Advanced Cluster Management 信任管理问题漏洞

Red Hat Advanced Cluster Management是美国红帽（Red Hat）公司的一个控制台集群控制软件。 Red Hat Advanced Cluster Management for Kubernetes 2中的rhacm2/mcm-topology-api-rhel8和Red Hat Advanced Cluster Management for Kubernetes 2中的rhacm2/grc-ui-api-rhel8 存在安全漏洞，目前尚无此漏洞的相关信息，请随时关注CNN

N/A

N/A