漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user autentication
Vulnerability Description
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted certificates for mTLS authentication on the internal as well as user-configured listeners. All CAs from the CA chain will be trusted. And users with certificates signed by any of the CAs in the chain will be able to authenticate. This issue affects only users using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs. It does not affect users using the Strimzi-managed Cluster and Clients CAs. It also does not affect users using custom Cluster or Clients CA with only a single CA (i.e., no CA chain with multiple CAs). This issue has been fixed in version 0.50.1. To workaround this issue, instead of providing the full CA chain as the custom CA, users can provide only the single CA that should be used.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Strimzi 安全漏洞
Vulnerability Description
Strimzi是Strimzi开源的一种允许在 Kubernetes 上以各种部署配置运行 Apache Kafka 集群的程序。 Strimzi 0.49.0版本至0.50.0版本存在安全漏洞,该漏洞源于多阶段CA链配置不当,导致信任链中的所有CA,可能允许使用链中任何CA签名的证书进行身份验证。
CVSS Information
N/A
Vulnerability Type
N/A