← Retour aux CVEs
CVE-2019-3895
HIGH8.0
Description
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.
Details CVE
Score CVSS v3.18.0
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurREQUIRED
Publie6/3/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
openstack:octaviaredhat:openstack
Faiblesses (CWE)
CWE-284
References
https://access.redhat.com/errata/RHSA-2019:1683(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:1742(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:1683(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:1742(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.