CVE-2019-17134 — Improper Authentication in Octavia

CWE-287 — Improper Authentication CWE-295 — Improper Certificate Validation CWE-200 — Sensitive Information Exposure CWE-471 — Modification of Assumed-Immutable Data13 documents9 sources

Severity

9.1CRITICALNVD

EPSS

0.4%

top 39.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Octavia Opendev Octavia Canonical Ubuntu Linux

Timeline

PublishedOct 8

Latest updateMay 24

Description

Amphora Images in OpenStack Octavia >=0.10.0 =3.0.0 =4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶PyPIopenstack/octavia0.10.0 — 2.1.2+2

▶Debianopenstack/octavia< 4.0.0-6+3

▶NVDopendev/octavia0.10.0 — 2.1.2+2

Also affects: Ubuntu Linux 19.04

Patches

Patch: review.opendev.org ↗Patch: review.opendev.org ↗Patch: review.opendev.org ↗

🔴Vulnerability Details

GHSA

OpenStack Octavia Amphora-Agent not requiring Client-Certificate↗2022-05-24

▶

OSV

OpenStack Octavia Amphora-Agent not requiring Client-Certificate↗2022-05-24

▶

OSV

CVE-2019-17134: Amphora Images in OpenStack Octavia >=0↗2019-10-08

▶

CVEList

CVE-2019-17134: Amphora Images in OpenStack Octavia >=0↗2019-10-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 10 - Theme API 'ThemePack' File Parsing↗2020-01-29

▶

Exploit-DB

Roxy Fileman 1.4.5 - Directory Traversal↗2019-12-16

▶

Exploit-DB

Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation↗2019-07-12

▶

Exploit-DB

mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution↗2019-02-18

▶

📋Vendor Advisories

Ubuntu

Octavia vulnerability↗2019-10-10

▶

Red Hat

openstack-octavia: amphora-agent not requiring client certificate↗2019-10-08

▶

Debian

CVE-2019-17134: octavia - Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4....↗2019

▶

💬Community

Bugzilla

CVE-2019-17134 openstack-octavia: amphora-agent not requiring client certificate↗2019-10-14

▶