11 matches found
RHEL 7 : openstack-octavia (RHSA-2019:3743)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3743 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
RHEL 7 : openstack-octavia (RHSA-2019:3788)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3788 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
RHEL 8 : openstack-octavia (RHSA-2020:0721)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0721 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
Moderate: Red Hat Security Advisory: openstack-octavia security update
An update for openstack-octavia is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: openstack-octavia security and bug fix update
An update for openstack-octavia is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: openstack-octavia security update
An update for openstack-octavia is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2019-17134
A certificate-validation error has been found in Octavia's amphora-agent, where an attacker with management-network access could bypass an amphora's client-certificate based authentication. Because the agent's HTTP server gunicorn had 'certreqs' set to 'True' instead of 'ssl.CERTREQUIRED',...
CVE-2019-17134
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
CVE-2019-17134
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
CVE-2019-17134
CVE-2019-17134 affects OpenStack Octavia amphora-agent: vulnerable in Octavia releases 0.10.0–2.1.2, 3.0.0–3.2.0, and 4.0.0–4.1.0, where the gunicorn cert_reqs option is misconfigured (True instead of ssl.CERT_REQUIRED), allowing anyone with access to the management network to bypass client-certi...
CVE-2019-17134
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...