PT-2019-2589 · Red Hat · Heketi+1
Published 2019-04-18 · Updated 2023-02-12 · CVE-2019-3899
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Heketi versions as shipped with Openshift Container Platform 3.11
Description
The issue stems from the absence of an authentication procedure in the default configuration of Heketi, a network software tool. This could allow a remote attacker to execute arbitrary commands supported by the Heketi Server API by using the Heketi CLI command-line interface.
Recommendations
For Heketi versions as shipped with Openshift Container Platform 3.11, consider configuring authentication for the management interface to prevent potential misuse. As a temporary workaround, restrict access to the Heketi CLI command-line interface and the Heketi Server API until proper authentication is set up.
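As an added example (not code from this advisory or from the Heketi project), the following Python audits the heketi.json settings the recommendation refers to and shows the request-bound bearer token heketi-cli presents once authentication is on, so an administrator can confirm that unsigned, expired or re-targeted tokens are rejected. Assumed, from my knowledge of Heketi rather than from this page: the key names use_auth and jwt.admin.key / jwt.user.key, the sample secret "My Secret", and the JWT claim layout (iss, iat, exp, qsh = SHA-256 of "METHOD&PATH"); the config values are constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed heketi.json fragments (assumed key names; values are made up).
WEAK_CONFIG = {"port": "8080", "use_auth": False,
               "jwt": {"admin": {"key": "My Secret"}, "user": {"key": "My Secret"}}}
HARDENED_CONFIG = {"port": "8080", "use_auth": True,
                   "jwt": {"admin": {"key": "2f6d1b0c9a8e4d7c5b3a1f0e9d8c7b6a5f4e3d2c"},
                           "user": {"key": "9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b"}}}
PLACEHOLDER_KEYS = {"", "My Secret"}  # assumed sample secrets that must not ship

def audit_heketi_config(cfg: dict) -> list:
    """Findings for a parsed heketi.json; an empty list means the checks passed."""
    findings = []
    if not cfg.get("use_auth"):
        findings.append("use_auth is false: the REST API accepts unauthenticated requests")
    for role in ("admin", "user"):
        key = cfg.get("jwt", {}).get(role, {}).get("key", "")
        if key in PLACEHOLDER_KEYS:
            findings.append(f"jwt.{role}.key is empty or a placeholder secret")
    return findings

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _qsh(method: str, path: str) -> str:
    # Request-binding claim: SHA-256 of "METHOD&PATH" (assumed Heketi format).
    return hashlib.sha256(f"{method}&{path}".encode()).hexdigest()

def build_heketi_token(key, issuer, method, path, now=None, ttl=60) -> str:
    """HS256 bearer token as heketi-cli sends it once use_auth is on (assumed claims)."""
    now = int(time.time()) if now is None else now
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    head = enc({"alg": "HS256", "typ": "JWT"})
    body = enc({"iss": issuer, "iat": now, "exp": now + ttl, "qsh": _qsh(method, path)})
    sig = hmac.new(key.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_heketi_token(key, token, method, path, now=None) -> bool:
    """Server-side check: signature, expiry and request binding must all hold."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(key.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return claims.get("exp", 0) > now and claims.get("qsh") == _qsh(method, path)
```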
Fix
Missing Authentication
Related Identifiers
Affected Products
Heketi
Openshift Container Platform