CVE-2019-3895 — Improper Access Control in Octavia

CWE-284 — Improper Access Control9 documents7 sources

Severity

8.0HIGHNVD

EPSS

0.5%

top 32.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Octavia RED HAT Openstack-tripleo-common Redhat Openstack

Timeline

PublishedJun 3

Latest updateMay 24

Description

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages4 packages

▶NVDopenstack/octavia< 0.9.0

▶PyPIopenstack/octavia< 0.9.0

▶NVDredhat/openstack12

▶CVEListV5red_hat/openstack-tripleo-commonn/a

🔴Vulnerability Details

GHSA

Openstack Octavia Access Control Vulnerability↗2022-05-24

▶

OSV

Openstack Octavia Access Control Vulnerability↗2022-05-24

▶

CVEList

CVE-2019-3895: An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director↗2019-06-03

▶

OSV

CVE-2019-3895: An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director↗2019-06-03

▶

📋Vendor Advisories

Red Hat

openstack-tripleo-common: Allows running new amphorae based on arbitrary images↗2019-05-27

▶

Debian

CVE-2019-3895: octavia - An access-control flaw was found in the Octavia service when the cloud platform ...↗2019

▶

💬Community

Bugzilla

CVE-2019-3895 openstack-tripleo-common: Allows running new amphorae based on arbitrary images [openstack-rdo]↗2019-05-27

▶

Bugzilla

CVE-2019-3895 openstack-tripleo-common: Allows running new amphorae based on arbitrary images↗2019-04-01

▶