Vulnerability Details : CVE-2014-0188
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.
Vulnerability category: BypassGain privilege
Products affected by CVE-2014-0188
Exploit prediction scoring system (EPSS) score for CVE-2014-0188
0.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0188
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-0188
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0188
-
https://bugzilla.redhat.com/show_bug.cgi?id=1090120
1090120 – (CVE-2014-0188) CVE-2014-0188 OpenShift: openshift-origin-broker plugin allows impersonationVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0423.html
RHSA-2014:0423 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0422.html
RHSA-2014:0422 - Security Advisory - Red Hat Customer PortalVendor Advisory
Jump to