CVE-2019-3899: DEPRECATED: Authentication Bypass Issues in Heketi Project Heketi

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.4% (top 39.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22; latest update May 24

Description

It was found that the default configuration of Heketi does not require any authentication, potentially exposing the management interface to misuse. This issue only affects Heketi as shipped with OpenShift Container Platform 3.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

CVEListV5: the_heketi_project/heketi: heketi 6 as shipped with Openshift Container Platform 3.11

Also affects: Openshift Container Platform 3.11

🔴 Vulnerability Details (2)

GHSA: GHSA-g8m6-5j3r-8xg4: It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse (2022-05-24)
CVEList: CVE-2019-3899: It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse (2019-04-22)

📋 Vendor Advisories (1)

Red Hat: heketi: heketi can be installed using insecure defaults (2019-04-18)

💬 Community (3)

Bugzilla: CVE-2019-3899 heketi: heketi can be installed using insecure defaults [fedora-all] (2019-05-03)
Bugzilla: CVE-2019-3899 heketi: heketi can be installed using insecure defaults [fedora-all] (2019-05-03)
Bugzilla: CVE-2019-3899 heketi: heketi can be installed using insecure defaults (2019-04-18)