Merge pull request #1928 from RedHatProductSecurity/CVE-2019-3899

CVE-2019-3899
2025-06-12 02:05:39 +00:00 · 2019-04-22 11:20:11 -04:00 · 2019-04-22 11:20:11 -04:00 · 93ca5f1ebe
commit 93ca5f1ebe
parent 0d220c6e87 b1a6a589b6
1 changed files with 61 additions and 8 deletions
--- a/2019/3xxx/CVE-2019-3899.json
+++ b/2019/3xxx/CVE-2019-3899.json
@ -1,18 +1,71 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3899",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3899",
+        "ASSIGNER": "psampaio@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "The Heketi Project",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "heketi",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "heketi 6 as shipped with Openshift Container Platform 3.11"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-592"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3899",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}