Management Interface Exposed

2019-04-2306:15:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

61.9%

JSON

github.com/heketi/heketi does not require authentication to its management interface. This allows a remote attacker to gain unauthenticated access to management functions and perform further attacks against the application.

CPENameOperatorVersion
github.com/heketi/heketieqHEAD
github.com/heketi/heketile9.0.0
heketieq1.0.2__1.el7rhgs
heketieq5.0.0__16.el7rhgs
heketieq7.0.0__11.el7rhgs
heketieq6.0.0__1.el7
heketieq8.0.0__12.el7rhgs
heketieq7.0.0__15.el7rhgs
heketieq4.0.0__9.el7rhgs
heketieq6.0.0__7.1.el7rhgs

Name	Operator	Version
github.com/heketi/heketi	eq	HEAD
github.com/heketi/heketi	le	9.0.0
heketi	eq	1.0.2__1.el7rhgs
heketi	eq	5.0.0__16.el7rhgs
heketi	eq	7.0.0__11.el7rhgs
heketi	eq	6.0.0__1.el7
heketi	eq	8.0.0__12.el7rhgs
heketi	eq	7.0.0__15.el7rhgs
heketi	eq	4.0.0__9.el7rhgs
heketi	eq	6.0.0__7.1.el7rhgs