
CVE-2019-17134

Published: 08/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Amphora images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, and >=4.0.0 <4.1.0 allow anyone with access to the management network to bypass client-certificate-based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the gunicorn cert_reqs option in cmd/agent.py is True but is supposed to be ssl.CERT_REQUIRED.
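Why True is not a substitute for ssl.CERT_REQUIRED, as an added example (not code from Octavia or from this advisory): in Python's ssl module CERT_NONE, CERT_OPTIONAL and CERT_REQUIRED are 0, 1 and 2, and True equals 1, so a server context given True only requests a client certificate without requiring one. The helper names, the sample settings and the placeholder paths are assumptions made for illustration.

```python
import ssl


def effective_verify_mode(cert_reqs):
    """Return the verify mode a server-side SSLContext actually ends up with."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = cert_reqs  # bool is an int subclass, so True is stored as 1
    return ctx.verify_mode


def audit_cert_reqs(settings):
    """Check a dict of gunicorn-style TLS settings; return (ok, message)."""
    # Assumption: an absent cert_reqs is treated as ssl.CERT_NONE.
    raw = settings.get("cert_reqs", ssl.CERT_NONE)
    try:
        mode = effective_verify_mode(raw)
    except (TypeError, ValueError) as exc:
        return False, f"cert_reqs={raw!r} is not a valid verify mode: {exc}"
    if mode != ssl.CERT_REQUIRED:
        return False, (f"cert_reqs={raw!r} resolves to {mode.name}; clients "
                       "without a certificate can complete the TLS handshake")
    if not settings.get("ca_certs"):
        return False, "CERT_REQUIRED is set but no ca_certs bundle is configured"
    return True, "client certificates are required and verified against ca_certs"


# Constructed sample settings (paths are placeholders, not Octavia's real ones).
SAMPLES = {
    "before fix": {"cert_reqs": True, "ca_certs": "/path/to/client_ca.pem"},
    "after fix": {"cert_reqs": ssl.CERT_REQUIRED,
                  "ca_certs": "/path/to/client_ca.pem"},
    "no CA bundle": {"cert_reqs": ssl.CERT_REQUIRED},
    "bad type": {"cert_reqs": "required"},
}

if __name__ == "__main__":
    for name, settings in SAMPLES.items():
        ok, message = audit_cert_reqs(settings)
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {message}")
```

A check like this fits a configuration lint or a unit test around the agent's TLS settings, so a boolean in place of the ssl constant is caught before deployment.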

Vulnerable Product

opendev octavia

canonical ubuntu linux 19.04

Vendor Advisories

Octavia could allow unintended access to network services ...
Debian Bug report logs - #941897: CVE-2019-17134: agent doesn't check for client certificate. Package: octavia-agent; Maintainer for octavia-agent is Debian OpenStack <team+openstack@tracker.debian.org>; Source for octavia-agent is src:octavia (PTS, buildd, popcon). Reported by: Thomas Goirand <zigo@debian.org>. Date: Mo ...
Synopsis: Moderate: openstack-octavia security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openstack-octavia is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Sco ...
Synopsis: Moderate: openstack-octavia security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for openstack-octavia is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vuln ...
Synopsis: Moderate: openstack-octavia security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openstack-octavia is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...

Mailing Lists

=====================================================================
OSSA-2019-005: Octavia Amphora-Agent not requiring Client-Certificate
=====================================================================

:Date: October 07, 2019
:CVE: CVE-2019-17134

Affects
~~~~~~~
- Octavia: >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 ...