RedHatRHSA-2018:2729(RHSA-2018:2729) Moderate: Red Hat Enterprise Linux OpenStack Platform security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
70.9%
Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.
Security Fix(es):
- openstack-rabbitmq-container: Insecure download of rabbitmq_clusterer during docker build (CVE-2018-14620)
For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.
The Red Hat OpenStack Platform container images have been updated to address security advisory/ies: RHSA-2018:2439, RHSA-2018:2482, RHSA-2018:2557.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
70.9%