CVE-2019-3899
CRITICAL
OpenShift Container Platform 3.11 - Unauthenticated Heketi Management Interface Exposure
Title source: llm
Description
It was found that the default configuration of Heketi does not require any authentication, potentially exposing the management interface to misuse. This issue only affects Heketi as shipped with OpenShift Container Platform 3.11.
References (2)
Core References
Issue Tracking, Mitigation, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3255
Scores
CVSS v3: 9.8
EPSS: 0.0040
EPSS Percentile: 60.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-306, CWE-592
Status: published
Products (2): heketi_project/heketi; redhat/openshift_container_platform 3.11
Published: Apr 22, 2019
Tracked Since: Feb 18, 2026