CVE-2014-0042 — Download of Code Without Integrity Check in Redhat Openstack

CWE-310 CWE-494 — Download of Code Without Integrity Check5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 41.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openstack

Timeline

PublishedJun 2

Latest updateMay 17

Description

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/openstack4.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-59c5-w7cq-xv24: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4↗2022-05-17

▶

CVEList

CVE-2014-0042: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4↗2014-06-02

▶

📋Vendor Advisories

Red Hat

openstack-heat-templates: setting gpgcheck=0 for signed packages↗2014-01-09

▶

💬Community

Bugzilla

CVE-2014-0042 OpenStack openstack-heat-templates: setting gpgcheck=0 for signed packages↗2014-01-30

▶