Lucene search

RedhatCVELIST:CVE-2024-8007

HistoryAug 21, 2024 - 1:40 p.m.

CVE-2024-8007 Rhosp-director: rhosp director disables tls verification for registry mirrors

2024-08-2113:40:25

CWE-295

redhat

www.cve.org

red hat openstack platform

director

registry mirrors

tls certificate verification

man-in-the-middle attack

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ipa-ppc64le",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ipa-x86_64",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-minimal",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ppc64le",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-x86_64",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ipa-ppc64le",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ipa-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-minimal",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ppc64le",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-fips-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ipa-fips-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-ipa-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-minimal",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-minimal-fips",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-uefi-fips-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-uefi-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhosp-director-images-x86_64",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2024-8007

bugzilla.redhat.com/show_bug.cgi?id=2305975

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Related for CVELIST:CVE-2024-8007