CVE-2017-12195

A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices.

Published: Jul 27, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-12195
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-287
CWE-295

OWASP TOP 10:

A2 - Broken Authentication
A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	3.4	3.4.x
redhat / openshift_container_platform	3.5	3.5.x
redhat / openshift_container_platform	3.6	3.6.x
redhat / openshift_container_platform	3.7	3.7.x

https://access.redhat.com/errata/RHSA-2017:3188
https://access.redhat.com/errata/RHSA-2017:3389
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12195

Vulnerability Database

289,599

CVE-2017-12195