
CVE-2019-17134

CVSS Severity Score: 9.1 (CRITICAL)
EPSS Score: 0.1680%
EPSS Percentile: 39.38th
Published: Oct 8, 2019
Last Modified: Nov 21, 2024

Vulnerability Description

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow anyone with access to the management network to bypass client-certificate-based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
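
Why `True` is not equivalent to `ssl.CERT_REQUIRED`, shown as an added example that is not code from Octavia or from this advisory: Python's `True` equals the integer 1, which is `ssl.CERT_OPTIONAL`, so a client that presents no certificate still completes the TLS handshake. The helper names, the option dictionaries and the CA path are constructed for illustration.

```python
import ssl


def effective_verify_mode(cert_reqs):
    """Return the ssl.VerifyMode that an integer-like cert_reqs value selects."""
    # bool is a subclass of int, so True silently becomes 1 here.
    return ssl.VerifyMode(int(cert_reqs))


def audit_cert_reqs(options):
    """Return findings for a dict of gunicorn-style TLS options (hypothetical helper)."""
    findings = []
    # Assumption: a missing cert_reqs is treated as "no client verification".
    value = options.get("cert_reqs", ssl.CERT_NONE)
    if isinstance(value, bool):
        findings.append("cert_reqs is a bool (%r); use an ssl.CERT_* constant" % value)
    mode = effective_verify_mode(value)
    if mode != ssl.CERT_REQUIRED:
        findings.append(
            "cert_reqs resolves to %s; client certificates are not enforced" % mode.name
        )
    return findings


# Constructed sample options mirroring the flaw described above and its fix.
VULNERABLE = {"cert_reqs": True, "ca_certs": "/path/to/client_ca.pem"}
FIXED = {"cert_reqs": ssl.CERT_REQUIRED, "ca_certs": "/path/to/client_ca.pem"}

if __name__ == "__main__":
    for label, opts in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        mode = effective_verify_mode(opts["cert_reqs"])
        print(label, "->", mode.name, audit_cert_reqs(opts) or "no findings")
```
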

Affected Platforms (CPE)

Opendev Octavia: >= 0.10.0 and < 2.1.2
Opendev Octavia: >= 3.0.0 and < 3.2.0
Opendev Octavia: >= 4.0.0 and < 4.1.0
Canonical Ubuntu Linux: = 19.04
