Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-0188
Last Modified: 24 Apr 2014 03:06:46
Published: 24 Apr 2014 10:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.

Vulnerable Systems

Application

  • Redhat Openshift 1.0

  • Redhat Openshift 1.1

  • Redhat Openshift 1.2

  • Redhat Openshift 1.2.1

  • Redhat Openshift 1.2.2

  • Redhat Openshift 1.2.3

  • Redhat Openshift 1.2.4

  • Redhat Openshift 1.2.5

  • Redhat Openshift 1.2.6

  • Redhat Openshift 1.2.7

  • Redhat Openshift 2.0

  • Redhat Openshift 2.0.1

  • Redhat Openshift 2.0.2

  • Redhat Openshift 2.0.3

  • Redhat Openshift 2.0.4

  • Redhat Openshift 2.0.5


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1090120

REDHAT - RHSA-2014:0423

REDHAT - RHSA-2014:0422


Last Updated: 27 May 2016 11:05:05