Lucene search
Redhat.comRH:CVE-2019-17134HistoryOct 14, 2019 - 12:22 p.m.
CVE-2019-17134
2019-10-1412:22:04
redhat.com
access.redhat.com
10
EPSS
0.002
Percentile
61.1%
A certificate-validation error has been found in Octavia’s amphora-agent, where an attacker with management-network access could bypass an amphora’s client-certificate based authentication. Because the agent’s HTTP server (gunicorn) had ‘cert_reqs’ set to ‘True’ instead of ‘ssl.CERT_REQUIRED’, information could be retrieved or configuration updated without a client certificate.
Mitigation
There is no mitigation for this issue, the flaw can only be resolved by applying updates.
Related
cvelist
cvelist
CVE-2019-17134
2019-10-08 17:14:37
redhat
redhat
(RHSA-2019:3788) Moderate: openstack-octavia security and bug fix update
2019-11-07 12:47:59
(RHSA-2020:0721) Moderate: openstack-octavia security update
2020-03-05 10:20:17
(RHSA-2019:3743) Moderate: openstack-octavia security update
2019-11-06 15:01:20
nvd
nvd
CVE-2019-17134
2019-10-08 18:15:14
nessus
nessus
RHEL 8 : openstack-octavia (RHSA-2020:0721)
2023-01-23 00:00:00
RHEL 7 : openstack-octavia (RHSA-2019:3788)
2024-04-27 00:00:00
RHEL 7 : openstack-octavia (RHSA-2019:3743)
2024-04-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4153-1)
2019-10-11 00:00:00
ubuntucve
ubuntucve
CVE-2019-17134
2019-10-08 00:00:00
ubuntu
ubuntu
Octavia vulnerability
2019-10-10 00:00:00
cve
cve
CVE-2019-17134
2019-10-08 18:15:14
osv
osv
CVE-2019-17134
2019-10-08 18:15:14
veracode
veracode
Authentication Bypass
2020-04-03 10:18:09
prion
prion
Design/Logic Flaw
2019-10-08 18:15:00
debiancve
debiancve
CVE-2019-17134
2019-10-08 18:15:14
github
github
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
2022-05-24 16:58:03