CVE-2019-17134
08.10.2019, 18:15
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.Enginsight
| Vendor | Product | Version |
|---|---|---|
| opendev | octavia | 0.10.0 ≤ 𝑥 < 2.1.2 |
| opendev | octavia | 3.0.0 ≤ 𝑥 < 3.2.0 |
| opendev | octavia | 4.0.0 ≤ 𝑥 < 4.1.0 |
| canonical | ubuntu_linux | 19.04 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References