CVE-2019-3899
Summary
| CVE | CVE-2019-3899 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-22 16:29:00 UTC |
| Updated | 2023-02-12 23:38:00 UTC |
| Description | It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11. |
Risk And Classification
Problem Types: CWE-592
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Heketi Project | Heketi | - | All | All | All |
| Application | Heketi Project | Heketi | - | All | All | All |
| Application | Redhat | Openshift Container Platform | 3.11 | All | All | All |
| Application | Redhat | Openshift Container Platform | 3.11 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1701091 – (CVE-2019-3899) CVE-2019-3899 heketi: heketi can be installed using insecure defaults | CONFIRM | bugzilla.redhat.com | Issue Tracking, Mitigation, Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| 1701091 – (CVE-2019-3899) CVE-2019-3899 heketi: heketi can be installed using insecure defaults | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | REDHAT | access.redhat.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.