CVE-2024-8007: Improper Certificate Validation in Red Hat OpenStack Platform

Severity: 8.1 HIGH (NVD)
EPSS: 0.2% (top 52.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 21

Description

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. The director disables TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack and allow an attacker to deploy potentially compromised container images.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages: 1 package

NVD: redhat/openstack_platform 16.1, 16.2, 17.1 +2

🔴 Vulnerability Details (2)

GHSA: GHSA-w89j-rfr2-3vwq: A flaw was found in the Red Hat OpenStack Platform (RHOSP) director (2024-08-21)
CVEList: openstack-tripleo-common: RHOSP director disables TLS verification for registry mirrors (2024-08-21)

📋 Vendor Advisories (1)

Red Hat: openstack-tripleo-common: RHOSP Director Disables TLS Verification for Registry Mirrors (2024-08-20)