← Back

Octavia

octavia

Vendor: Openstack • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-3895
2Openstack
Redhat
2Octavia
Openstack
Nov 21, 2024
Jun 3, 2019
N/A· v4
8.0 HIGH· v3
6.8 MEDIUM· v2
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant...Show more
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.Show less
CVE-2018-16856
2Openstack
Redhat
2Octavia
Openstack
Nov 21, 2024
Mar 26, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Se...Show more
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.Show less