CVE-2014-0188Improper Authentication in Redhat Openshift

CWE-287Improper Authentication5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 40.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openshift
Timeline
PublishedApr 24
Latest updateMay 14

Description

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDredhat/openshift2.02.0.5+1

🔴Vulnerability Details

2
GHSA
GHSA-p2j4-wp52-g89q: The openshift-origin-broker in Red Hat OpenShift Enterprise 22022-05-14
CVEList
CVE-2014-0188: The openshift-origin-broker in Red Hat OpenShift Enterprise 22014-04-24

📋Vendor Advisories

1
Red Hat
OpenShift: openshift-origin-broker plugin allows impersonation2014-04-23

💬Community

1
Bugzilla
CVE-2014-0188 OpenShift: openshift-origin-broker plugin allows impersonation2014-04-22
CVE-2014-0188 — Improper Authentication in Redhat | cvebase