How severe is CVE-2021-3636?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2021-3636?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2021-3636 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.

Related Vulnerabilities

CVE-2020-29440

MEDIUM

CVSS:4.6(Medium)

Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehi...

CWE-2952020

CVE-2022-39334

MEDIUM

CVSS:4.7(Medium)

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS...

CWE-2952022

CVE-2023-35845

MEDIUM

CVSS:4.7(Medium)

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as ...

CWE-2952023

CVE-2018-12257

MEDIUM

CVSS:4.4(Medium)

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade fi...

CWE-2952018

CVE-2020-29457

MEDIUM

CVSS:4.4(Medium)

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.

CWE-2952020

CVE-2017-2387

MEDIUM

CVSS:4.8(Medium)

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta...

CWE-2952017