CyberSec.Space Logo
Back to CVE Browser

CVE-2019-3899

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile42.36th
PublishedApr 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.

Affected Platforms (CPE)

πŸ“¦
Redhat

Openshift Container Platform

= 3.11
πŸ“¦
Heketi Project

Heketi

All versions

References & Advisories

πŸ”— https://access.redhat.com/errata/RHSA-2019:3255
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899
πŸ”— https://access.redhat.com/errata/RHSA-2019:3255
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899

Related Vulnerabilities

CVE-2019-148198.8

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service acc...

CVE-2018-108438.5

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vuln...

CVE-2021-201988.1

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of Ope...

CVE-2018-146327.7

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platfo...