Lucene search

K

Veracode Vulnerability DatabaseVERACODE:22933

HistoryApr 03, 2020 - 10:18 a.m.

Authentication Bypass

2020-04-0310:18:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

EPSS

0.002

Percentile

61.1%

openstack octavia is vulnerable to authentication bypass. An attacker is able to bypass authentication and gain access to the application due to an incorrect configuration in cmd/agent.py whereby the gunicorn cert_reqs option is set to True instead of ssl.CERT_REQUIRED.

References

access.redhat.com/errata/RHSA-2019:3743

access.redhat.com/errata/RHSA-2019:3788

bugzilla.suse.com/show_bug.cgi?id=1153304

github.com/openstack/octavia/commit/1725517d1d209f26b2275306d83e49c099dcbe1a

review.opendev.org/686541

review.opendev.org/686543

review.opendev.org/686544

review.opendev.org/686545

review.opendev.org/686546

review.opendev.org/686547

security.openstack.org/ossa/OSSA-2019-005.html

storyboard.openstack.org/#!/story/2006660

usn.ubuntu.com/4153-1/

EPSS

0.002

Percentile

61.1%

Related for VERACODE:22933

redhatcve1 cvelist1 redhat3 nvd1 nessus4 openvas1 ubuntucve1 ubuntu1 cve1 osv1 prion1 debiancve1 github1