CVE-2014-0188

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 02:01

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2014-0422.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2014-0422.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-0423.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2014-0423.html - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1090120 - Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1090120 - Vendor Advisory

Information

Published : 2014-04-24 14:55

Updated : 2024-11-21 02:01


NVD link : CVE-2014-0188

Mitre link : CVE-2014-0188

CVE.ORG link : CVE-2014-0188


JSON object : View

Products Affected

redhat

  • openshift
CWE
CWE-287

Improper Authentication