CVE-2014-0188

Affected configuration(s):

cpe:/a:redhat:openshift:1.0:-:enterprise
cpe:/a:redhat:openshift:1.1:-:enterprise
cpe:/a:redhat:openshift:1.2::enterprise
cpe:/a:redhat:openshift:1.2.1::enterprise
cpe:/a:redhat:openshift:1.2.2:-:enterprise
cpe:/a:redhat:openshift:1.2.3::enterprise
cpe:/a:redhat:openshift:1.2.4::enterprise
cpe:/a:redhat:openshift:1.2.5::enterprise
cpe:/a:redhat:openshift:1.2.6::enterprise
cpe:/a:redhat:openshift:1.2.7::enterprise
cpe:/a:redhat:openshift:2.0::enterprise
cpe:/a:redhat:openshift:2.0.1::enterprise
cpe:/a:redhat:openshift:2.0.2::enterprise
cpe:/a:redhat:openshift:2.0.3::enterprise
cpe:/a:redhat:openshift:2.0.4::enterprise
cpe:/a:redhat:openshift:2.0.5::enterprise

Date published: 2014-04-24T10:55:04.263-04:00

Date last modified: 2014-04-24T15:06:46.787-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://rhn.redhat.com/errata/RHSA-2014-0422.html

Summary: The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.
