// For flags

CVE-2014-0188

OpenShift: openshift-origin-broker plugin allows impersonation

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.

El openshift-origin-broker en Red Hat OpenShift Enterprise 2.0.5, 1.2.7, y anteriores no maneja adecuadamente las peticiones de autenticación provenientes del plugin de autenticación de usuarios remotos, lo que permite a atacantes remotos evitar la autenticación y suplantar a usuarios arbitrarios a través de las cabeceras X-Remote-User en las peticiones provocando un bypass.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-12-03 CVE Reserved
  • 2014-04-23 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
Openshift
Search vendor "Redhat" for product "Openshift"
<= 1.2.7
Search vendor "Redhat" for product "Openshift" and version " <= 1.2.7"
enterprise
Affected
Redhat
Search vendor "Redhat"
Openshift
Search vendor "Redhat" for product "Openshift"
>= 2.0 <= 2.0.5
Search vendor "Redhat" for product "Openshift" and version " >= 2.0 <= 2.0.5"
enterprise
Affected