CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-3895

HIGH
8.0
CVSS Severity Score
EPSS Score0.0200%
EPSS Percentile37.19th
Published2019年6月3日
Last Modified2024年11月21日

Vulnerability Description

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

Affected Platforms (CPE)

📦
Openstack

Octavia

< 0.9.0
📦
Redhat

Openstack

= 12

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2019:1683
🔗 https://access.redhat.com/errata/RHSA-2019:1742
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895
🔗 https://access.redhat.com/errata/RHSA-2019:1683
🔗 https://access.redhat.com/errata/RHSA-2019:1742
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895

相關漏洞威脅

CVE-2019-171349.1

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management ne...

CVE-2018-168565.5

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and ope...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...