Vulnerability Report: GO-2021-0077

A user can use a valid client certificate that contains a CommonName that matches a valid RBAC username to authenticate themselves as that user, despite lacking the required credentials. This may allow authentication bypass, but requires a certificate that is issued by a CA trusted by the server.
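The pattern described above, as an added Go illustration rather than code from the affected module: the flawed check takes the identity straight from the certificate's CommonName, while the hardened one treats the certificate as transport trust only and still requires credentials. The function names, the in-memory RBAC map and the sample password are assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// Constructed RBAC store (hypothetical): username -> password.
// A real store would hold salted password hashes, not plaintext.
var rbacUsers = map[string]string{"root": "s3cret-constructed"}

// constructedCert stands in for a client certificate whose chain has
// already been verified against a CA the server trusts.
func constructedCert(cn string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
}

// checkPassword reports whether user exists and pass matches (constant time).
func checkPassword(user, pass string) bool {
	want, ok := rbacUsers[user]
	return ok && subtle.ConstantTimeCompare([]byte(want), []byte(pass)) == 1
}

// authVulnerable: a verified certificate whose CommonName equals an RBAC
// username is accepted as that user, with no credential check at all.
func authVulnerable(cert *x509.Certificate, user, pass string) (string, bool) {
	if cert != nil {
		if _, ok := rbacUsers[cert.Subject.CommonName]; ok {
			return cert.Subject.CommonName, true
		}
	}
	if checkPassword(user, pass) {
		return user, true
	}
	return "", false
}

// authHardened: the certificate only proves the TLS peer is trusted; the
// RBAC identity always comes from verified credentials.
func authHardened(cert *x509.Certificate, user, pass string) (string, bool) {
	if cert == nil || !checkPassword(user, pass) {
		return "", false
	}
	return user, true
}

func main() {
	cert := constructedCert("root")
	_, v := authVulnerable(cert, "", "")
	_, h := authHardened(cert, "", "")
	fmt.Println("vulnerable accepts:", v, "| hardened accepts:", h)
}
```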
