CVE-2019-3899

Published: Apr 22, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.

Affected Products (2)

CPE details will appear after the next data sync.

Heketi Project

1 product

Heketi

Redhat

1 product

Openshift Container Platform

References (4)

https://access.redhat.com/errata/RHSA-2019:3255

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899

Source: secalert@redhat.com

Issue TrackingMitigationThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:3255

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationThird Party Advisory

Timeline

No history available yet.