CVE-2014-0234 - Vulnerability Details

- openshift-origin-broker: default password creation

Description

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

Published: 2020-02-12

Score: 9.8 Critical

EPSS: 8.8% Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Red Hat OpenShift Enterprise

affected

Version	Status	Constraints
`2.x before 2.1`	affected	—

Configuration 1 [-]

cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Enterprise 2.1
activemq-0:5.9.0-5.redhat.610328.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
armadillo-0:3.800.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
atlas-0:3.8.4-2.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
cfitsio-0:3.240-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
CharLS-0:1.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
facter-0:1.6.6-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
freexl-0:1.0.0d-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
gd-0:2.0.35-11.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
gdal-0:1.9.2-8.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
geos-0:3.3.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ghostscript-0:8.70-19.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
gpsbabel-0:1.4.4-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
haproxy-0:1.4.22-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
haproxy15side-0:1.5-0.1.dev19.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
hdf5-0:1.8.5.patch1-7.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
icu-0:4.2.1-9.1.el6_2	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ImageMagick-0:6.5.4.7-7.el6_5	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
jasper-0:1.900.1-15.el6_1.1	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
jboss-eap6-index-0:6.0.1.GA-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
jboss-eap6-modules-0:6.0.0.GA-8.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
jboss-openshift-metrics-module-0:1.0.2.redhat_1-1.2.el6_5	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
jenkins-0:1.509.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
jenkins-plugin-openshift-0:0.6.28-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
js-0:1.70-12.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
json-c-0:0.10-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
jython-0:2.2.1-4.8.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
lapack-0:3.2.1-4.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
lcms-0:1.19-1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libc-client-0:2007e-11.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libcgroup-0:0.40.rc1-5.el6_5.1	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libdap-0:3.11.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libestr-0:0.1.5-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libev-0:4.04-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libffi-0:3.0.5-3.2.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libgeotiff-0:1.2.5-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libgta-0:1.0.2-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libmcrypt-0:2.5.8-10.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libreadline-java-0:0.8.0-24.3.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libspatialite-0:2.4.0-0.6.RC4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
libwebp-0:0.3.0-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
mongodb-0:2.4.6-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
netcdf-0:4.1.1-3.el6op.3	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-bignumber.js-0:1.1.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-bson-0:0.2.2-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-buffer-crc32-0:0.2.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-bytes-0:0.2.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-colors-0:0.6.2-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-commander-0:1.1.1-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-connect-0:2.7.10-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-cookie-0:0.1.0-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-cookie-signature-0:1.0.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-debug-0:0.7.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-express-0:3.2.5-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-formidable-0:1.0.14-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-fresh-0:0.2.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-generic-pool-0:2.0.3-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-keypress-0:0.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-methods-0:0.0.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-mongodb-0:1.3.17-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-mysql-0:2.0.0-alpha9.1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-node-static-0:0.6.9-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-optimist-0:0.4.0-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-options-0:0.0.5-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-pause-0:0.0.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-pg-0:0.12.3-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-range-parser-0:0.0.4-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-require-all-0:0.0.8-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-send-0:0.1.4-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-supervisor-0:0.5.2-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-tinycolor-0:0.0.1-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-wordwrap-0:0.0.2-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
nodejs010-nodejs-ws-0:0.4.25-8.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-enterprise-upgrade-0:2.1.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-broker-0:1.16.1.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-broker-util-0:1.23.8.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-cron-0:1.21.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-dependencies-0:1.23.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-diy-0:1.21.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-haproxy-0:1.23.5.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-jbosseap-0:2.16.3.4-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-jbossews-0:1.22.3.4-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-jenkins-0:1.20.3.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-jenkins-client-0:1.19.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-mock-0:1.18.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-mock-plugin-0:1.18.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-mysql-0:1.23.4.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-nodejs-0:1.24.3.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-perl-0:1.22.5.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-php-0:1.23.3.4-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-postgresql-0:1.23.3.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-python-0:1.23.4.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-cartridge-ruby-0:1.23.3.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-console-0:1.16.2.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-logshifter-0:1.5.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-msg-common-0:1.19.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-msg-node-mcollective-0:1.22.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-node-proxy-0:1.22.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-node-util-0:1.22.6.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-port-proxy-0:1.9.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
openshift-origin-util-scl-0:1.17.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
org.apache.maven-maven-0:3.0.3-4	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
pam_openshift-0:1.12.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-App-cpanminus-0:1.4008-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Class-Accessor-0:0.31-6.1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Class-Data-Inheritable-0:0.08-3.1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Class-DBI-0:3.0.17-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Class-DBI-Pg-0:0.09-9.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Class-Factory-Util-0:1.7-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Class-Trigger-0:0.13-2.1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Clone-0:0.31-3.1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-DateTime-Format-Builder-0:0.7901-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-DateTime-Format-Pg-0:0.16004-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-DateTime-Format-Strptime-0:1.1000-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-DBIx-ContextualFetch-0:1.03-7.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-Ima-DBI-0:0.35-7.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-IO-stringy-0:2.110-10.1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-JSON-0:2.15-5.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-UNIVERSAL-moniker-0:0.08-9.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
perl-YAML-0:0.70-4.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php-0:5.3.3-27.el6_5	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php54-php-pecl-imagick-0:3.1.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php54-php-pecl-xdebug-0:2.2.3-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php-extras-0:5.3.3-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php-pear-MDB2-0:2.5.0-0.3.b3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php-pear-MDB2-Driver-pgsql-0:1.5.0-0.1.b3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php-pecl-imagick-0:3.1.2-1.el6_5	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
php-pecl-xdebug-0:2.1.4-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
postgis-0:1.5.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
postgresql92-pgRouting-0:2.0.0-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
postgresql92-postgis-0:2.1.0-0.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
postgresql-ip4r-0:1.05-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
proj-0:4.7.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
python27-mod_wsgi-0:3.4-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
python27-numpy-0:1.4.1-10.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
python27-python-pip-0:1.4-7.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
python-virtualenv-0:1.10.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
quartz-0:2.2.1.redhat_1-1.el6_5	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rhc-0:1.23.7.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rsyslog7-0:7.4.7-5.4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-facter-0:1.6.6-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-js-1:1.8.5-10.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-mcollective-0:2.4.1-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-bson-0:1.8.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-bson_ext-0:1.8.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-chunky_png-0:1.2.6-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-commander-0:4.0.3-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-compass-0:0.12.2-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-compass-rails-0:1.0.3-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-daemon_controller-0:1.1.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-daemons-0:1.0.10-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-dnsruby-0:1.53-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-fastthread-0:1.0.7-7.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-file-tail-0:1.0.5-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-formtastic-0:1.2.4-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-fssm-0:0.2.8.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-haml-0:4.0.3-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-highline-0:1.6.16-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-httpclient-0:2.3.4.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-jquery-rails-0:3.1.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-json-0:1.7.3-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-json_pure-0:1.7.3-1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-minitest-0:3.5.0-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-mongo-0:1.8.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-mongoid-0:3.1.4-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-moped-0:1.5.0-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-net-ldap-0:0.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-open4-0:1.3.0-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-origin-0:1.0.7-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-parallel-0:0.8.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-parseconfig-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-passenger-0:3.0.21-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-pg-0:0.12.2-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-rdiscount-0:1.6.8-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-regin-0:0.3.7-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-rest-client-0:1.6.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-ruby2ruby-0:1.3.1-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-safe_yaml-0:0.9.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-sass-twitter-bootstrap-0:2.0.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-sexp_processor-0:3.2.0-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-spruz-0:0.2.5-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-state_machine-0:1.1.2-7.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-stomp-0:1.2.14-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-syslog-logger-0:1.6.8-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-systemu-0:2.5.2-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-term-ansicolor-0:1.0.7-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-rubygem-xml-simple-0:1.0.12-10.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-ruby-mysql-0:2.8.2-8.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-ruby-selinux-0:2.0.94-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby193-ruby-wrapper-0:0.0.2-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-archive-tar-minitar-0:0.5.2-3.1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-bson-0:1.8.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-bson_ext-0:1.8.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-bundler-0:1.0.21-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-commander-0:4.0.3-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-diff-lcs-0:1.1.2-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-fastthread-0:1.0.7-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-file-tail-0:1.0.5-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-highline-0:1.6.16-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-httpclient-0:2.3.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-json-0:1.7.3-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-net-scp-0:1.1.2-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-net-ssh-0:2.7.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-net-ssh-gateway-0:1.2.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-net-ssh-multi-0:1.2.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-nokogiri-0:1.4.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-open4-0:1.3.0-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-admin-console-0:1.20.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-auth-remote-user-0:1.19.6.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-common-0:1.22.5.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-console-0:1.23.4.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-container-selinux-0:0.8.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-controller-0:1.23.10.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-dns-nsupdate-0:1.16.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-frontend-apachedb-0:0.4.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-frontend-apache-mod-rewrite-0:0.5.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-frontend-apache-vhost-0:0.5.2.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-frontend-nodejs-websocket-0:0.4.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-msg-broker-mcollective-0:1.23.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-node-0:1.23.9.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-openshift-origin-routing-activemq-0:0.4.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-parseconfig-0:0.5.2-5.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-ParseTree-0:3.0.5-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-passenger-0:3.0.21-9.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-rack-1:1.3.0-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-rake-0:0.8.7-2.1.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-regin-0:0.3.7-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-ruby2ruby-0:1.2.4-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-RubyInline-0:3.8.4-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-ruby_parser-0:2.0.4-6.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygems-0:1.8.24-6.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-sexp_processor-0:3.0.4-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-spruz-0:0.2.5-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-sqlite3-0:1.3.3-4.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-stomp-0:1.1.8-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-systemu-0:1.2.0-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-test-unit-0:2.2.0-3.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-thor-0:0.14.6-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-thread-dump-0:0.0.5-93.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
rubygem-ZenTest-0:4.3.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby-mysql-0:2.8.2-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ruby-RMagick-0:2.13.1-6.el6op.1	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
shapelib-0:1.3.0b2-10.2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
socat-0:1.7.2.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
ta-lib-0:0.4.0-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
uuid-0:1.6.1-10.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
v8-1:3.14.5.10-2.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
xerces-c-0:3.0.1-20.el6	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z
yum-utils-0:1.1.30-17.el6_5	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:0487	2014-05-14T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2014-0272	The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.08806.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://openwall.com/lists/oss-security/2014/06/05/19
http://www.securityfocus.com/bid/67657
https://bugzilla.redhat.com/show_bug.cgi?id=1097008
https://github.com/openshift/openshift-extras/blob/master/README.md
https://nvd.nist.gov/vuln/detail/CVE-2014-0234
https://rhn.redhat.com/errata/RHSA-2014-0487.html
https://www.cve.org/CVERecord?id=CVE-2014-0234

History

No history.

Subscriptions

Redhat Openshift

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-12T00:09:56.000Z

Updated: 2024-08-06T09:05:39.263Z

Reserved: 2013-12-03T00:00:00.000Z

Link: CVE-2014-0234

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-02-12T01:15:10.453

Modified: 2024-11-21T02:01:43.420

Link: CVE-2014-0234

Redhat

Severity : Important

Publid Date: 2014-05-14T00:00:00Z

Links: CVE-2014-0234 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object