Bug 1501986 (CVE-2017-12195)
| Field | Value |
|---|---|
| Summary | CVE-2017-12195 OpenShift Enterprise 3: authentication bypass for elasticsearch with external routes |
| Product | [Other] Security Response |
| Reporter | Kurt Seifried <kseifried> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | ahardin, anli, bleanhar, ccoleman, dbaker, dedgar, dmcphers, jcantril, jgoulding, jkeck, juzhao, kseifried, lrock, mknowles, pportant, rmeggins, security-response-team, smunilla, wsun, xtian |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | |
| Doc Type | If docs needed, set a value |
| Doc Text | An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that Elasticsearch be configured with an external route, and the data accessed is limited to the indices. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2017-12-15 04:42:30 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1500086, 1501987, 1510117, 1510118, 1518397 |
| Bug Blocks | 1500758 |
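The Doc Text above describes a cache-keyed-on-name failure: once a token has been validated for a given user name, later requests that carry only that name are served without the token. The following is an added illustration of that pattern, written for this page; it is not code from openshift/origin-aggregated-logging or from the Elasticsearch plugin, and the header names, tokens, users and index names are all made up for the example. It places a proxy that caches authorization by client-supplied user name beside one that keys the cache on the bearer token and derives the identity from it.

```python
"""Model of the authentication-bypass pattern described in the Doc Text.

Constructed illustration, not the OpenShift logging stack's code. A front-end
proxy validates a bearer token once, then caches what that user may read keyed
on the USER NAME alone; any later request presenting the same name, with no
token, is served from the cache. The hardened variant keys the cache on the
token and ignores the client-supplied name entirely.
"""
import hashlib
import time

# Constructed stand-in for the tokens an upstream token review would accept.
VALID_TOKENS = {"tok-alice-1": "alice", "tok-bob-1": "bob"}
# Constructed ACL: which Elasticsearch indices each user may read.
USER_INDICES = {"alice": {"project.payments"}, "bob": {"project.web"}}

USER_HEADER = "X-Proxy-Remote-User"   # hypothetical header carrying the user name
AUTH_HEADER = "Authorization"         # carries "Bearer <token>"


def token_review(token):
    """Stand-in for a token-review call; returns the user name or None."""
    return VALID_TOKENS.get(token)


def bearer_token(headers):
    """Extract the bearer token, or None when there is no usable Authorization header."""
    value = headers.get(AUTH_HEADER, "")
    prefix = "Bearer "
    return value[len(prefix):] if value.startswith(prefix) else None


class VulnerableProxy:
    """Caches authorization keyed on the user name supplied by the client."""

    def __init__(self):
        self.cache = {}  # user name -> readable indices

    def handle(self, headers, index):
        user = headers.get(USER_HEADER)
        if user is None:
            return 401
        if user not in self.cache:
            # The token is only ever checked on a cache miss...
            if token_review(bearer_token(headers)) != user:
                return 401
            self.cache[user] = USER_INDICES.get(user, set())
        # ...so a later request carrying just the name is served from the cache.
        return 200 if index in self.cache[user] else 403


class HardenedProxy:
    """Keys the cache on the token, re-validates after a TTL, ignores the name header."""

    def __init__(self, ttl_seconds=60):
        self.ttl = ttl_seconds
        self.cache = {}  # sha256(token) -> (readable indices, expiry)

    def handle(self, headers, index):
        token = bearer_token(headers)
        if token is None:
            return 401  # no token, no identity: the cache is never consulted
        key = hashlib.sha256(token.encode()).hexdigest()  # do not keep raw tokens around
        now = time.monotonic()
        entry = self.cache.get(key)
        if entry is None or entry[1] <= now:
            user = token_review(token)
            if user is None:
                self.cache.pop(key, None)
                return 401
            entry = (USER_INDICES.get(user, set()), now + self.ttl)
            self.cache[key] = entry
        return 200 if index in entry[0] else 403


def scenario(proxy):
    """Constructed walkthrough: a real login, then a token-less replay of the name."""
    login = proxy.handle(
        {AUTH_HEADER: "Bearer tok-alice-1", USER_HEADER: "alice"}, "project.payments")
    replay = proxy.handle({USER_HEADER: "alice"}, "project.payments")
    other_index = proxy.handle({USER_HEADER: "alice"}, "project.web")
    return login, replay, other_index


if __name__ == "__main__":
    print("vulnerable:", scenario(VulnerableProxy()))  # (200, 200, 403)
    print("hardened:  ", scenario(HardenedProxy()))    # (200, 401, 401)
```

The vulnerable run returns (200, 200, 403): the replay without a token succeeds, and the attacker's reach is bounded by the indices cached for that name, matching the Doc Text's note that the data accessed is limited to the indices. The hardened run returns (200, 401, 401) because identity is derived from the token on every request and the name header is never trusted. The bypass only matters where a client can reach the proxy directly and set the name itself, which is why the page lists an external route as a precondition.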
Description
Kurt Seifried
2017-10-13 16:10:49 UTC
Acknowledgments:
Name: Rich Megginson (Red Hat)

I'm still waiting to hear if I need a separate errata for OSE 3.7, or if it is still possible to get this into 3.7.0. I will need errata for 3.6, 3.5, and 3.4. That means I will need bz for those releases. There is already a 3.5 bz: https://bugzilla.redhat.com/show_bug.cgi?id=1501987

There is another bz attached to this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1500758 I cannot view this - is this a 3.6 or 3.4 bz?

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 3.7
Via RHSA-2017:3188 https://access.redhat.com/errata/RHSA-2017:3188

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 3.6
Red Hat OpenShift Container Platform 3.5
Red Hat OpenShift Container Platform 3.4
Via RHSA-2017:3389 https://access.redhat.com/errata/RHSA-2017:3389

Elasticsearch authentication can be bypassed when external routes are used with OpenShift Enterprise.

Upstream bug: https://github.com/openshift/origin-aggregated-logging/pull/826