← volver
CVE-2019-3895

CVE-2019-3895

CVSS 5.5 MEDIUMEPSS 1.4%CWE-284
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Productos afectados
Red Hat · openstack-tripleo-common

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2019:1683https://access.redhat.com/errata/RHSA-2019:1742https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895