7 matches found
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
GHSA-R4V4-3JJ7-JC29 OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
openstack-octavia: amphora-agent not requiring client certificate
A certificate-validation error has been found in Octavia's amphora-agent, where an attacker with management-network access could bypass an amphora's client-certificate based authentication. Because the agent's HTTP server gunicorn had 'certreqs' set to 'True' instead of 'ssl.CERTREQUIRED',...
Moderate: Red Hat Security Advisory: openstack-octavia security and bug fix update
An update for openstack-octavia is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openstack-octavia: amphora-agent not requiring client certificate
A certificate-validation error has been found in Octavia's amphora-agent, where an attacker with management-network access could bypass an amphora's client-certificate based authentication. Because the agent's HTTP server gunicorn had 'certreqs' set to 'True' instead of 'ssl.CERTREQUIRED',...
openstack-octavia: amphora-agent not requiring client certificate
A certificate-validation error has been found in Octavia's amphora-agent, where an attacker with management-network access could bypass an amphora's client-certificate based authentication. Because the agent's HTTP server gunicorn had 'certreqs' set to 'True' instead of 'ssl.CERTREQUIRED',...
CVE-2019-17134
A certificate-validation error has been found in Octavia's amphora-agent, where an attacker with management-network access could bypass an amphora's client-certificate based authentication. Because the agent's HTTP server gunicorn had 'certreqs' set to 'True' instead of 'ssl.CERTREQUIRED',...