PT-2018-5382 · Red Hat · Openshift Enterprise

Published: 2018-07-27 · Updated: 2023-02-12 · CVE-2017-12195

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Openshift Enterprise versions (affected versions not specified)
Description: A flaw in Openshift Enterprise allows an attacker who knows the name used for authentication to bypass authentication and access Elasticsearch without a token. The attack requires Elasticsearch to be configured with an external route, and the data that can be accessed is limited to the indices.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication
Improper Certificate Validation

Related Identifiers

CVE-2017-12195
RHSA-2017:3188
RHSA-2017:3389

Affected Products

Openshift Enterprise