CVE-2014-0188

CVE-2014-0188 is a high-severity vulnerability in Redhat Openshift with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-287.

Key facts

Description

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.

Frequently asked questions

What is CVE-2014-0188?
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.
How severe is CVE-2014-0188?
CVE-2014-0188 has a CVSS 2.0 base score of 7.5, rated high severity.
Is CVE-2014-0188 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (74th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2014-0188?
CVE-2014-0188 affects Redhat Openshift. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2014-0188?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
When was CVE-2014-0188 published?
CVE-2014-0188 was published on 2014-04-24 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Redhat Openshift

All CVEs affecting Redhat Openshift →

Other CWE-287 (Improper Authentication) vulnerabilities

Browse all CWE-287 (Improper Authentication) vulnerabilities →