CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0188

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.8%

CVSS Severity

CVSS v2 Score 7.5

References

http://rhn.redhat.com/errata/RHSA-2014-0422.html
http://rhn.redhat.com/errata/RHSA-2014-0423.html
https://bugzilla.redhat.com/show_bug.cgi?id=1090120
http://rhn.redhat.com/errata/RHSA-2014-0422.html
http://rhn.redhat.com/errata/RHSA-2014-0423.html
https://bugzilla.redhat.com/show_bug.cgi?id=1090120

Products affected by CVE-2014-0188

Redhat » Openshift » Version: 1.0

cpe:2.3:a:redhat:openshift:1.0
Redhat » Openshift » Version: 1.2

cpe:2.3:a:redhat:openshift:1.2
Redhat » Openshift » Version: 1.2.7

cpe:2.3:a:redhat:openshift:1.2.7
Redhat » Openshift » Version: 2.0

cpe:2.3:a:redhat:openshift:2.0
Redhat » Openshift » Version: 2.0.5

cpe:2.3:a:redhat:openshift:2.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0188

Products

Pricing

Contact Us