#VU71362 Protection Mechanism Failure in Red Hat OpenShift Container Platform - CVE-2022-3259


Vulnerability identifier: #VU71362

Vulnerability risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3259

CWE-ID: CWE-693

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to missing HTTP Strict Transport Security (HSTS) header. A remote attacker can perform MitM attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.12.0, 4.12.0

External links
https://access.redhat.com/errata/RHSA-2022:7399
https://bugzilla.redhat.com/show_bug.cgi?id=2103220

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Red Hat Ansible Automation Platform 2.4 for RHEL 9
Multiple vulnerabiltiies in Red Hat OpenShift Service Mesh Containers 2.4
Multiple vulnerabilities in OpenShift Container Platform 4.13
OpenShift Container Platform release 4.13 update for golang
Multiple vulnerabilities in OpenShift Container Platform 4.13
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Multiple vulnerabilities in OpenShift Container Platform 4.12
Multiple vulnerabilities in Red Hat Migration Toolkit for Applications
Multiple vulnerabilities in Migration Toolkit for Containers (MTC)
Multiple vulnerabilities in Migration Toolkit for Containers (MTC)