Description

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

Related CPE's

a

redhat

openstack_platform

3

References

https://access.redhat.com/security/cve/CVE-2024-8007

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2305975

Issue TrackingVendor Advisory

Weaknesses

[email protected]

Primary
CWE-295

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-08-21T14:15:09.753

6 months ago

Last modified

2024-09-23T17:15:13.813

5 months ago