Lucene search
RedhatCVE-2024-8007HistoryAug 21, 2024 - 2:15 p.m.
CVE-2024-8007
2024-08-2114:15:09
CWE-295
redhat
web.nvd.nist.gov
27
red hat openstack platform
tls certificate verification
registry mirrors
man-in-the-middle attack
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.7%
A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
Affected configurations
Node
redhatopenstack_platformMatch16.1
ORredhatopenstack_platformMatch16.2
ORredhatopenstack_platformMatch17.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | openstack_platform | 16.1 | cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* |
| redhat | openstack_platform | 16.2 | cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* |
| redhat | openstack_platform | 17.1 | cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ipa-ppc64le",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ipa-x86_64",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-minimal",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ppc64le",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-x86_64",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ipa-ppc64le",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ipa-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-minimal",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ppc64le",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-fips-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ipa-fips-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-ipa-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-minimal",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-minimal-fips",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-uefi-fips-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-uefi-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-director-images-x86_64",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
]
}
]Related
redhatcve
redhatcve
CVE-2024-8007
2024-08-20 11:40:07
vulnrichment
vulnrichment
cvelist
cvelist
nvd
nvd
CVE-2024-8007
2024-08-21 14:15:09
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.7%
Related for CVE-2024-8007