CVE-2019-3899
7.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Heketi Project | heketi | heketi 6 as shipped with Openshift Container Platform 3.11 | affected |
Weaknesses
- CWE-592: CWE-592
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899
- https://access.redhat.com/errata/RHSA-2019:3255
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899
- https://access.redhat.com/errata/RHSA-2019:3255
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.