CVE-2019-3899 HIGH

CVE-2019-3899

Vendor The Heketi Project
Product heketi
Weakness CWE-592
Published April 22, 2019
Last update August 4, 2024

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.

Key dates

02Disclosure timeline

April 22, 2019 CVE published
August 4, 2024 Record updated