CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0234

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile7.16th
PublishedFeb 12, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

Affected Platforms (CPE)

πŸ“¦
Redhat

Openshift

< 2.1

References & Advisories

πŸ”— http://openwall.com/lists/oss-security/2014/06/05/19
πŸ”— http://www.securityfocus.com/bid/67657
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1097008
πŸ”— https://github.com/openshift/openshift-extras/blob/master/README.md
πŸ”— https://rhn.redhat.com/errata/RHSA-2014-0487.html
πŸ”— http://openwall.com/lists/oss-security/2014/06/05/19
πŸ”— http://www.securityfocus.com/bid/67657
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1097008

Related Vulnerabilities

CVE-2014-349610.0

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary comman...

CVE-2013-20959.8

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command ...

CVE-2019-38999.8

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interfac...

CVE-2013-20609.8

The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters ...