The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3188 advisory.

    Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS)     solution designed for on-premise or private cloud deployments.

    The OpenShift Container Platform 3.7 Release Notes, link located within the reference section, provides     information about new features, bug fixes, and known issues.

    This advisory contains the RPM packages for this release. An advisory for the container images for this     release is available at: https://access.redhat.com/errata/RHEA-2017:3187.

    Security Fix(es):

    * An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later     access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be     configured with an external route, and the data accessed is limited to the indices. (CVE-2017-12195)

    Red Hat would like to thank Rich Megginson for reporting this issue.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Red Hat OpenShift Container Platform 3.7 (RHSA-2017:3188)

medium Nessus Plugin ID 119389

Version 1.10