Published: 03/06/2019 Updated: 04/08/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack octavia
redhat openstack 12

Synopsis Moderate: openstack-tripleo-common security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 140 (Rocky)Red Hat Product Security has rated this update as having a security impact of Moderate ...

Synopsis Moderate: openstack-tripleo-common security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate ...

Impact: Moderate Public Date: 2019-05-27 CWE: CWE-284 Bugzilla: 1694608: CVE-2019-3895 openstack-triple ...

NVD-CWE-Other https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895 https://access.redhat.com/errata/RHSA-2019:1683 https://access.redhat.com/errata/RHSA-2019:1742 https://access.redhat.com/errata/RHSA-2019:1683 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2019-3895

CVE-2019-3895

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect