DEBIAN-CVE-2022-0759

DEBIAN-CVE-2022-0759 PUBLISHED CVSS 8.1 HIGH

A flaw was found in all versions of kubeclient, the Ruby client for the Kubernetes REST API, up to (but not including) v4.9.3, in the way it parsed kubeconfig files. When the kubeconfig file does not configure a custom CA to verify certificates, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that use kubeclient to parse kubeconfig files are susceptible to man-in-the-middle (MITM) attacks.
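To find which cluster entries in a kubeconfig are exposed to this behaviour, the following added example (not kubeclient's own code and not part of the advisory) models the flawed decision described above next to the expected one and lists the clusters whose verification is silently turned off. The function names and the sample kubeconfig are constructed for illustration, and treating `insecure-skip-tls-verify: true` as the only legitimate reason for VERIFY_NONE is an assumption.

```ruby
require 'yaml'
require 'openssl'

# Constructed sample kubeconfig (not from the advisory): one cluster pins a CA,
# one relies on the system trust store, one explicitly disables verification.
SAMPLE_KUBECONFIG = <<~YAML
  apiVersion: v1
  kind: Config
  clusters:
  - name: pinned-ca
    cluster:
      server: https://k8s-a.example.invalid:6443
      certificate-authority-data: Q09OU1RSVUNURUQ=
  - name: system-trust
    cluster:
      server: https://k8s-b.example.invalid:6443
  - name: explicit-skip
    cluster:
      server: https://k8s-c.example.invalid:6443
      insecure-skip-tls-verify: true
YAML

CA_KEYS = %w[certificate-authority certificate-authority-data].freeze

# Behaviour the advisory describes: no custom CA configured => VERIFY_NONE.
def flawed_verify_mode(cluster)
  has_ca = CA_KEYS.any? { |key| cluster.key?(key) }
  has_ca ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
end

# Expected behaviour (assumption): verify unless the file explicitly opts out.
def expected_verify_mode(cluster)
  opted_out = cluster['insecure-skip-tls-verify'] == true
  opted_out ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
end

# Names of clusters whose TLS verification the flawed logic silently disables.
def silently_unverified_clusters(kubeconfig_yaml)
  clusters = YAML.safe_load(kubeconfig_yaml).fetch('clusters', [])
  clusters.map do |entry|
    cluster = entry['cluster'] || {}
    downgraded = flawed_verify_mode(cluster) == OpenSSL::SSL::VERIFY_NONE &&
                 expected_verify_mode(cluster) == OpenSSL::SSL::VERIFY_PEER
    entry['name'] if downgraded
  end.compact
end

puts silently_unverified_clusters(SAMPLE_KUBECONFIG).inspect
```

Only the cluster with no CA entry and no explicit opt-out is reported; on an affected kubeclient version, connections to such a cluster need the library upgraded to v4.9.3 or later, or the SSL verify mode set explicitly by the application.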

Risk Scores

CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor | Product | Versions
Debian:13 | ruby-kubeclient | 0, 0, 0
Debian:11 | ruby-kubeclient | 4.11.0-2, 4.12.0-1, 4.13.0-1
Debian:14 | ruby-kubeclient | 0, 0, 0
Debian:12 | ruby-kubeclient | 0, 0, 0

Timeline

  • Mar 25, 2022 CVE Published
  • Apr 28, 2026 CVE Updated