CVE-2019-17134

EUVD-2022-5091
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
opendevoctavia
0.10.0 ≤
𝑥
< 2.1.2
opendevoctavia
3.0.0 ≤
𝑥
< 3.2.0
opendevoctavia
4.0.0 ≤
𝑥
< 4.1.0
canonicalubuntu_linux
19.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
octavia
bookworm
11.0.0-2
fixed
bullseye
7.1.0-2
fixed
sid
15.0.0-1
fixed
trixie
15.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
octavia
bionic
dne
disco
Fixed 4.0.0-0ubuntu1.2
released
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:3743
https://access.redhat.com/errata/RHSA-2019:3788
https://access.redhat.com/errata/RHSA-2020:0721
https://review.opendev.org/686541
https://review.opendev.org/686543
https://review.opendev.org/686544
https://review.opendev.org/686545
https://review.opendev.org/686546
https://review.opendev.org/686547
https://security.openstack.org/ossa/OSSA-2019-005.html
https://storyboard.openstack.org/#%21/story/2006660
https://usn.ubuntu.com/4153-1/
https://access.redhat.com/errata/RHSA-2019:3743
https://access.redhat.com/errata/RHSA-2019:3788
https://access.redhat.com/errata/RHSA-2020:0721
https://review.opendev.org/686541
https://review.opendev.org/686543
https://review.opendev.org/686544
https://review.opendev.org/686545
https://review.opendev.org/686546
https://review.opendev.org/686547
https://security.openstack.org/ossa/OSSA-2019-005.html
https://storyboard.openstack.org/#%21/story/2006660
https://usn.ubuntu.com/4153-1/