CVE-2014-0041 — Improper Certificate Validation in Redhat Openstack

CWE-310 CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 41.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openstack

Timeline

PublishedJun 2

Latest updateMay 17

Description

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/openstack4.0

🔴Vulnerability Details

GHSA

GHSA-c74h-cqh6-v99x: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4↗2022-05-17

▶

CVEList

CVE-2014-0041: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4↗2014-06-02

▶

📋Vendor Advisories

Red Hat

openstack-heat-templates: use of HTTPS url and sslverify=false↗2014-01-09

▶

💬Community

Bugzilla

CVE-2014-0041 OpenStack openstack-heat-templates: use of HTTPS url and sslverify=false↗2014-01-30

▶