First published: Thu Apr 18 2019(Updated: )
Heketi is used to manage GlusterFS nodes and volumes. The default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Openshift Container Platform | =3.11 | |
Heketi Project Heketi | ||
=3.11 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3899 is a vulnerability found in the default configuration of Heketi, which does not require any authentication and potentially exposes the management interface to misuse.
CVE-2019-3899 affects Heketi as shipped with Openshift Container Platform 3.11.
CVE-2019-3899 has a severity value of 9.8 (Critical).
To fix CVE-2019-3899, it is recommended to apply the necessary patches provided by the vendor.
You can find more information about CVE-2019-3899 in the references provided: [link1], [link2], [link3].