漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles
Vulnerability Description
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded. This silently breaks certificate chain validation for mTLS. This vulnerability is fixed in 0.16.2.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
oxia 信任管理问题漏洞
Vulnerability Description
oxia是Oxia开源的一个分布式元数据存储与协调系统。 oxia 0.16.2之前版本存在信任管理问题漏洞,该漏洞源于TLS配置中的trustedCertPool函数仅解析CA证书文件中的第一个PEM块,当CA捆绑包包含多个证书时,可能导致mTLS的证书链验证静默失效。
CVSS Information
N/A
Vulnerability Type
N/A