← Back to CVEs
CVE-2019-3899
CRITICAL9.8
Description
It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/22/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
heketi_project:heketiredhat:openshift_container_platform
Weaknesses (CWE)
CWE-592CWE-306
References
https://access.redhat.com/errata/RHSA-2019:3255(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:3255(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.