Vulnerability in The Heketi Project

CVE-2019-3899

It was found that the default configuration of Heketi does not require any authentication, potentially exposing the management interface to misuse. This issue only affects Heketi as shipped with OpenShift Container Platform 3.11.

EPSS: 0.004 (60.7th percentile).

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

  • The Heketi Project — versions heketi 6 as shipped with Openshift Container Platform 3.11

Weakness classification (CWE)

Frequently asked questions

What is CVE-2019-3899?
CVE-2019-3899 is a high-severity vulnerability in The Heketi Project, classified under CWE-592. CVSS score: 7.3/10. Published 2019-04-22.

How severe is CVE-2019-3899?
High severity. CVSS v3 base score is 7.3 out of 10.