CVE-2019-3899

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.

Published: Apr 22, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3899
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-306
CWE-592

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	3.11	3.11.x

https://access.redhat.com/errata/RHSA-2019:3255
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899

Vulnerability Database

289,689

CVE-2019-3899