Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1501986 - (CVE-2017-12195) CVE-2017-12195 OpenShift Enterprise 3: authentication bypass for elasticsearch with external routes
CVE-2017-12195 OpenShift Enterprise 3: authentication bypass for elasticsearc...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20171128,repor...
: Security
Depends On: 1500086 1501987 1510117 1510118 1518397
Blocks: 1500758
  Show dependency treegraph
 
Reported: 2017-10-13 12:10 EDT by Kurt Seifried
Modified: 2018-02-12 03:52 EST (History)
20 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-14 23:42:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:3188 normal SHIPPED_LIVE Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update 2017-11-28 21:34:54 EST
Red Hat Product Errata RHSA-2017:3389 normal SHIPPED_LIVE Moderate: Red Hat OpenShift Enterprise security, bug fix, and enhancement update 2017-12-07 07:09:10 EST

  None (edit)
Description Kurt Seifried 2017-10-13 12:10:49 EDT 
Rich Megginson of Red Hat reports:

When deploying Openshift with logging using Elasticsearch exposed as an external route it is possible for an attacker to connect to Elasticsearch without authentication.
Comment 1 Kurt Seifried 2017-10-13 12:10:54 EDT 
Acknowledgments:

Name: Rich Megginson (Red Hat)
Comment 10 Rich Megginson 2017-11-02 17:48:09 EDT 
I'm still waiting to hear if I need a separate errata for OSE 3.7, or if it is still possible to get this into 3.7.0.

I will need errata for 3.6, 3.5, and 3.4.  That means I will need bz for those releases.  There is already a 3.5 bz: https://bugzilla.redhat.com/show_bug.cgi?id=1501987

There is another bz attached to this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1500758 I cannot view this - is this a 3.6 or 3.4 bz?
Comment 18 errata-xmlrpc 2017-11-28 16:50:02 EST 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.7

Via RHSA-2017:3188 https://access.redhat.com/errata/RHSA-2017:3188
Comment 21 errata-xmlrpc 2017-12-07 02:10:11 EST 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.6
  Red Hat OpenShift Container Platform 3.5
  Red Hat OpenShift Container Platform 3.4

Via RHSA-2017:3389 https://access.redhat.com/errata/RHSA-2017:3389
Comment 22 Mark Knowles 2017-12-14 23:42:30 EST 
Elasicsearch authentication can be bypassed when external routes are used with OpenShift Enterprise.

Upstream bug:

https://github.com/openshift/origin-aggregated-logging/pull/826
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.