CVE-2024-4438 Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform

🗓️ 08 May 2024 08:59:42Reported by redhatType

CVE-2024-4438 Etcd incomplete fix for cve-2023-39325 in OpenStack platfor

Reporter	Title	Published	Views	Family All 22
Circl	CVE-2024-4438	27 Aug 202513:18	–	circl
CNNVD	Red Hat OpenStack Platform 安全漏洞	6 May 202400:00	–	cnnvd
CVE	CVE-2024-4438	8 May 202408:59	–	cve
EUVD	EUVD-2024-44549	3 Oct 202520:07	–	euvd
NVD	CVE-2024-4438	8 May 202409:15	–	nvd
OSV	RHSA-2024:2729 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (etcd) security update	30 Sep 202415:52	–	osv
OSV	RHSA-2024:3352 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update	30 Sep 202415:52	–	osv
OSV	RHSA-2024:3467 Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update	30 Sep 202415:53	–	osv
Positive Technologies	PT-2024-31140 · Red Hat · Red Hat Openstack Platform 16.1 +3	8 May 202400:00	–	ptsecurity
Tenable Nessus	RHEL 9 : Red Hat OpenStack Platform 17.1 (etcd) (RHSA-2024:2729)	22 May 202400:00	–	nessus

[
  {
    "versions": [
      {
        "status": "unaffected",
        "version": "3.3.23",
        "versionType": "semver"
      }
    ],
    "packageName": "etcd",
    "collectionURL": "https://github.com/etcd-io/etcd",
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "etcd",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.3.23-16.el8ost",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openstack:16.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "etcd",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.3.23-16.el8ost",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openstack:16.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "etcd",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.4.26-8.el9ost",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openstack:17.1::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 18.0",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "etcd",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:18.0"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-4438
access	www.access.redhat.com/errata/RHSA-2024:3467
access	www.access.redhat.com/errata/RHSA-2024:2729
access	www.access.redhat.com/errata/RHSA-2024:3352

20 Nov 2025 07:31Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.00791

CWE-400