CVE-2022-0759: 
Ruby vulnerability analysis and mitigation

CVE-2022-0759 is a security vulnerability discovered in kubeclient, the Ruby client for Kubernetes REST API, related to the way it parsed kubeconfig files. The vulnerability was disclosed in March 2022. When the kubeconfig did not define a custom CA (which is a normal situation for production clusters with public domain and certificate), Config would return ssloptions[:verifyssl] hard-coded to VERIFY_NONE, potentially allowing man-in-the-middle attacks (Github Issue).

The vulnerability stems from a dangerous default configuration in Kubeclient::Config where whenever kubeconfig did not define custom CA, the Config would return ssloptions[:verifyssl] set to VERIFY_NONE. Additionally, the insecure-skip-tls-verify field in kubeconfig was never honored, preventing users from overriding the default behavior (Github Issue, Github Issue).

This vulnerability could allow man-in-the-middle (MITM) attacks by accepting ANY certificate instead of checking the server's certificate against the system CA store. This is particularly dangerous when using user/password or token credentials, as an MITM attacker could steal these credentials and gain full access to the cluster with the same privileges as the legitimate user (Github Issue).

The vulnerability was addressed in subsequent releases of affected products, including Red Hat OpenShift Logging 5.3.7 and Logging Subsystem 5.5.0. Users should upgrade to the patched versions to protect against potential MITM attacks (Red Hat Advisory, Red Hat Advisory).