CVE-2019-3899
heketi: heketi can be installed using insecure defaults
Public Exploits: 0
Exploited in Wild: -
Descriptions
It was found that the default configuration of Heketi does not require any authentication, potentially exposing the management interface to misuse. This issue only affects heketi as shipped with Openshift Container Platform 3.11.
It was found that the default configuration of Heketi does not require any authentication, potentially exposing the Heketi server API to misuse. An unauthenticated attacker could connect remotely to Heketi Server and run arbitrary commands supported by the Heketi Server API via the Heketi CLI.
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-04-22 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-12 EPSS Updated
CWE
- CWE-287: Improper Authentication
- CWE-306: Missing Authentication for Critical Function
- CWE-592: DEPRECATED: Authentication Bypass Issues
References (4)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899 | Issue Tracking | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:3255 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2019-3899 | 2019-10-30 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1701091 | 2019-10-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Openshift Container Platform | 3.11 | - | Affected |
Heketi Project | Heketi | - | - | Affected |