This security bulletin contains one medium risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform an HTTP request smuggling attack.
The vulnerability exists because the Go programming language accepts and normalizes HTTP/1.1 requests whose malformed headers contain a space before the colon. A remote attacker can use a malformed request to bypass configured filtration and gain access to otherwise restricted functionality.
Mitigation
Update OpenShift Container Platform to version 4.2.21.
Vulnerable software versions
Red Hat OpenShift Container Platform: 4.2.0 - 4.2.20
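The parsing mismatch in the description, shown as an added Go example (not code from Go's net/http or from OpenShift): a filter that compares the raw field name misses a header with a space before the colon, a normalizing parser still recognizes it, and a strict RFC 7230 token check rejects the line outright. The header name X-Blocked-Header, the sample lines and all function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// rawName returns everything before the first colon, untouched.
func rawName(line string) string {
	if i := strings.IndexByte(line, ':'); i >= 0 {
		return line[:i]
	}
	return line
}

// lenientName models a parser that normalizes away whitespace before the colon.
func lenientName(line string) string {
	return strings.TrimRight(rawName(line), " \t")
}

// strictName accepts a field name only if every byte is an RFC 7230 token
// character, so "Name : value" is rejected instead of normalized.
func strictName(line string) (string, error) {
	name := rawName(line)
	if name == "" || name == line {
		return "", fmt.Errorf("no field name or colon in %q", line)
	}
	for i := 0; i < len(name); i++ {
		c := name[i]
		alnum := c >= '0' && c <= '9' || c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z'
		if !alnum && strings.IndexByte("!#$%&'*+-.^_`|~", c) < 0 {
			return "", fmt.Errorf("invalid byte %q in field name of %q", c, line)
		}
	}
	return name, nil
}

// filterMatches is a hypothetical exact-name rule applied to the raw name.
func filterMatches(line, blocked string) bool {
	return strings.EqualFold(rawName(line), blocked)
}

func main() {
	// Constructed header lines: well-formed, then space before the colon.
	for _, l := range []string{"X-Blocked-Header: 1", "X-Blocked-Header : 1"} {
		_, err := strictName(l)
		fmt.Printf("%q filter=%v lenient=%q strict error=%v\n", l, filterMatches(l, "X-Blocked-Header"), lenientName(l), err)
	}
}
```

Rejecting the malformed line at the first hop, rather than trimming it, keeps every component in the chain working from the same view of the request.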