Описание
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Отчет
The Red Hat Security Response Team has rated this issue as having Moderate security impact in RedHat Enterprise OpenStack Platform 3 however fixing this issue would require a change to default behavior. This issue is not currently planned to be addressed in future updates. This issue did not affect the versions of openstack-keystone or python-keystone client as shipped with RedHat Enterprise OpenStack Platform 4. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 3 | openstack-keystone | Affected | ||
| Red Hat OpenStack Platform 3 | python-keystoneclient | Affected | ||
| Red Hat OpenStack Platform 4 | openstack-keystone | Affected | ||
| Red Hat OpenStack Platform 4 | python-keystoneclient | Affected |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, ...
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
4.3 Medium
CVSS2