What is CVE-2018-1085?

CVE-2018-1085 is a critical-severity vulnerability in [Unknown] Openshift-ansible, classified under CWE-592. CVSS score: 9.0/10. Published 2018-06-15.

How severe is CVE-2018-1085?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Vulnerability in [Unknown] Openshift-ansible

CVE-2018-1085

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH i…

EPSS: 0.014 (80.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

[Unknown] Openshift-ansible — versions openshift-ansible 3.7.46-1, openshift-ansible 3.9.23-1

Weakness classification (CWE)

CWE-592

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
RHSA-2018:2013 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2018-1085?: CVE-2018-1085 is a critical-severity vulnerability in [Unknown] Openshift-ansible, classified under CWE-592. CVSS score: 9.0/10. Published 2018-06-15.
How severe is CVE-2018-1085?: Critical severity. CVSS v3 base score is 9.0 out of 10.