Описание
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | openstack-glance | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | openstack-glance | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | openstack-glance | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | openstack-glance | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-327
https://bugzilla.redhat.com/show_bug.cgi?id=1303486openstack-glance: MD5 used for cryptographic signature verification
EPSS
Процентиль: 33%
0.00131
Низкий
2.4 Low
CVSS2
Связанные уязвимости
CVSS3: 5.5
ubuntu
почти 9 лет назад
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
CVSS3: 5.5
nvd
почти 9 лет назад
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
CVSS3: 5.5
debian
почти 9 лет назад
The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...
EPSS
Процентиль: 33%
0.00131
Низкий
2.4 Low
CVSS2