CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-0234

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile7.16th
Published2020年2月12日
Last Modified2024年11月21日

Vulnerability Description

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

Affected Platforms (CPE)

📦
Redhat

Openshift

< 2.1

References & Advisories

🔗 http://openwall.com/lists/oss-security/2014/06/05/19
🔗 http://www.securityfocus.com/bid/67657
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1097008
🔗 https://github.com/openshift/openshift-extras/blob/master/README.md
🔗 https://rhn.redhat.com/errata/RHSA-2014-0487.html
🔗 http://openwall.com/lists/oss-security/2014/06/05/19
🔗 http://www.securityfocus.com/bid/67657
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1097008

関連する脆弱性情報

CVE-2014-349610.0

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary comman...

CVE-2013-20959.8

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command ...

CVE-2019-38999.8

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interfac...

CVE-2013-20609.8

The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters ...