{"api_version":"1","generated_at":"2026-04-23T02:57:46+00:00","cve":"CVE-2019-3899","urls":{"html":"https://cve.report/CVE-2019-3899","api":"https://cve.report/api/cve/CVE-2019-3899.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-3899","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-3899"},"summary":{"title":"CVE-2019-3899","description":"It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This issue only affects heketi as shipped with Openshift Container Platform 3.11.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-04-22 16:29:00","updated_at":"2023-02-12 23:38:00"},"problem_types":["CWE-592"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899","refsource":"CONFIRM","tags":["Issue Tracking","Mitigation","Third Party Advisory"],"title":"1701091 – (CVE-2019-3899) CVE-2019-3899 heketi: heketi can be installed using insecure defaults","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2019-3899","name":"https://access.redhat.com/security/cve/CVE-2019-3899","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1701091","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1701091","refsource":"MISC","tags":[],"title":"1701091 – (CVE-2019-3899) CVE-2019-3899 heketi: heketi can be installed using insecure defaults","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2019:3255","name":"RHSA-2019:3255","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal - Access to 24x7 support and 
knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-3899","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3899","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"3899","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"heketi_project","cpe5":"heketi","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3899","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"heketi_project","cpe5":"heketi","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3899","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"3.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3899","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"3.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2019-3899","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. 
This issue only affects heketi as shipped with Openshift Container Platform 3.11."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-592","cweId":"CWE-592"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"The Heketi Project","product":{"product_data":[{"product_name":"heketi","version":{"version_data":[{"version_affected":"=","version_value":"heketi 6 as shipped with Openshift Container Platform 3.11"}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/errata/RHSA-2019:3255","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2019:3255"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899"}]},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.0"}]}},"nvd":{"publishedDate":"2019-04-22 16:29:00","lastModifiedDate":"2023-02-12 
23:38:00","problem_types":["CWE-592"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:heketi_project:heketi:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"3899","Ordinal":"141508","Title":"CVE-2019-3899","CVE":"CVE-2019-3899","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"3899","Ordinal":"1","NoteData":"It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This issue only affects heketi as shipped with Openshift Container Platform 3.11.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"3899","Ordinal":"2","NoteData":"2019-04-22","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"3899","Ordinal":"3","NoteData":"2019-10-30","Type":"Other","Title":"Modified"}]}}}