Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3895

Опубликовано: 27 мая 2019
Источник: redhat
CVSS3: 5.5

Описание

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

Меры по смягчению последствий

To prevent this vulnerability:

  1. Update Octavia's configuration setting (octavia.conf) to amp_image_owner_id = $UUID_OF_SERVICE_PROJECT on all Octavia nodes.
  2. Enable the new configuration by restarting both octavia_worker and octavia_health_manager.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 15 (Stein)openstack-tripleo-commonNot affected
Red Hat OpenStack Platform 13.0 (Queens)openstack-tripleo-commonFixedRHSA-2019:174210.07.2019
Red Hat OpenStack Platform 14.0 (Rocky)openstack-tripleo-commonFixedRHSA-2019:168302.07.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1694608openstack-tripleo-common: Allows running new amphorae based on arbitrary images

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3895

CVSS3: 8
ubuntu
больше 6 лет назад

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

nvd логотип

CVE-2019-3895

CVSS3: 8
nvd
больше 6 лет назад

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

debian логотип

CVE-2019-3895

CVSS3: 8
debian
больше 6 лет назад

An access-control flaw was found in the Octavia service when the cloud ...

github логотип

GHSA-jjgh-m322-fjx6

CVSS3: 5.5
github
больше 3 лет назад

Openstack Octavia Access Control Vulnerability

fstec логотип

BDU:2020-04695

CVSS3: 5.5
fstec
больше 6 лет назад

Уязвимость балансировщика нагрузки OpenStack Octavia, связанная с недостатками контроля доступа, позволяющая нарушителю оказать частичное воздействие на конфиденциальность, целостность и доступность защищаемой информации

5.5 Medium

CVSS3