{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T07:37:13.624","vulnerabilities":[{"cve":{"id":"CVE-2020-25688","sourceIdentifier":"secalert@redhat.com","published":"2020-11-23T22:15:12.180","lastModified":"2024-11-21T05:18:28.433","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible."},{"lang":"es","value":"Se encontró un fallo en rhacm versiones anteriores a 2.0.5 y anteriores a 2.1.0. Se aprovisionaron incorrectamente dos API de servicios internos usando un certificado de prueba del repositorio de origen. Esto resultaría en que todas las instalaciones utilicen los mismos certificados. Si un atacante pudiera observar el tráfico de red interno en un clúster, podría usar la clave privada para decodificar las peticiones de la API que deberían estar protegidas por sesiones TLS, obteniendo potencialmente información que de otro modo no podrían obtener. Estos certificados no se usan para la autenticación de servicios, por lo que no hay oportunidad de que una suplantación de identidad o ataques MITM activos sea posible realizar"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:P/I:N/A:N","baseScore":2.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":5.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.5","matchCriteriaId":"78C66909-F927-460E-9B2F-45E32949B4F2"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892551","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892551","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}