N/A

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).

N/A

证书验证不恰当

ManageIQ MiqExpression 信任管理问题漏洞

ManageIQ MiqExpression是一个功能模块。 ManageIQ MiqExpression存在安全漏洞，该漏洞源于应用中。Kubernetes REST API 的 Ruby 客户端中解析文件存在问题，当kubeconfig 文件没有配置自定义 CA 来验证证书时，kubeclient 最终会接受任何证书。攻击者利用该漏洞可以实现中间人攻击。

N/A

N/A