It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2019:3255 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899 | Issue Tracking Mitigation Third Party Advisory |
Configurations
History
12 Feb 2023, 23:38
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-592 | |
References |
|
|
Summary | It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11. |
02 Feb 2023, 21:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that the default configuration of Heketi does not require any authentication, potentially exposing the Heketi server API to be misused. An unauthenticated attacker could connect remotely to Heketi Server and run arbitrary commands supported by Heketi Server API via Heketi CLI. |
Information
Published : 2019-04-22 16:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-3899
Mitre link : CVE-2019-3899
CVE.ORG link : CVE-2019-3899
JSON object : View
Products Affected
heketi_project
- heketi
redhat
- openshift_container_platform