2 matches found
PT-2019-2589 · Red Hat · Openshift Container Platform +1
Name of the Vulnerable Software and Affected Versions: Heketi versions as shipped with OpenShift Container Platform 3.11
Description: The issue is related to the lack of an authentication procedure in the default settings of Heketi, a network software tool. This could allow a remote attacker to...
Information Disclosure Through Insecure Defaults
github.com/heketi/heketi is vulnerable to information disclosure through insecure defaults. By default, the application makes /etc/heketi/heketi.json world-readable, allowing a malicious user to access sensitive information contained in it, such as passwords...