CVE-2024-8007

Published: Aug 21, 2024Modified: Nov 25, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

Affected (3)

Products: Redhat: Openstack Platform

1 product

Openstack Platform

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack Platform	Version 16.1
Redhat Openstack Platform	Version 16.2
Redhat Openstack Platform	Version 17.1

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (4)

https://access.redhat.com/errata/RHSA-2024:9990

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:9991

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-8007

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2305975

Source: secalert@redhat.com

Issue TrackingVendor Advisory

Timeline

No history available yet.