RHCOS 3 : Red Hat OpenShift Container Platform 3.7 (RHSA-2017:3188)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3188 advisory. - 3: authentication bypass for elasticsearch with external routes CVE-2017-12195 Note that Nessus has not tested for this issue but has inste...

RHEL 7 : Red Hat OpenShift Enterprise (RHSA-2017:3389)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3389 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud...

CVE-2017-12195

The CVE-2017-12195 vulnerability affects OpenShift platforms (OpenShift Container Platform/Enterprise) using the openshift elasticsearch plugin. Affected: OpenShift Enterprise/Container Platform 3.x with Elasticsearch; root cause is an authentication bypass where an attacker who knows the authent...

CVE-2017-12195

A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the...