Vulnerability Description
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift | < 2.1 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2014/06/05/19ExploitMailing ListPatch
- http://www.securityfocus.com/bid/67657Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1097008Issue TrackingVendor Advisory
- https://github.com/openshift/openshift-extras/blob/master/README.mdThird Party Advisory
- https://rhn.redhat.com/errata/RHSA-2014-0487.htmlVendor Advisory
- http://openwall.com/lists/oss-security/2014/06/05/19ExploitMailing ListPatch
- http://www.securityfocus.com/bid/67657Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1097008Issue TrackingVendor Advisory
- https://github.com/openshift/openshift-extras/blob/master/README.mdThird Party Advisory
- https://rhn.redhat.com/errata/RHSA-2014-0487.htmlVendor Advisory
FAQ
What is CVE-2014-0234?
CVE-2014-0234 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing th...
How severe is CVE-2014-0234?
CVE-2014-0234 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-0234?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift.