Showing 1 - 4 of 4

CVE-2019-17134

Status Candidate

Overview

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.

Related Files

Red Hat Security Advisory 2020-0721-01: Posted Mar 5, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-0721-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. A failure to require client certificates was addressed.; tags | advisory; systems | linux, redhat; advisories | CVE-2019-17134; SHA-256 | 2c07205d683caf4e3a0db587ef0d93c5f4fe6cc5c8aa31144418cb952294bc90; Download | Favorite | View

Red Hat Security Advisory 2019-3788-01: Posted Nov 7, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-3788-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations.; tags | advisory; systems | linux, redhat; advisories | CVE-2019-17134; SHA-256 | a78df754c97ad92bf546d94dbbefd97cbc0d28a30d5f10b8a574d0509ad1aa43; Download | Favorite | View

Red Hat Security Advisory 2019-3743-01: Posted Nov 6, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-3743-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations.; tags | advisory; systems | linux, redhat; advisories | CVE-2019-17134; SHA-256 | 78df12ced779977f0c38c701857e5edd0ec96e7fafa2425e0b2594626b61401d; Download | Favorite | View

Ubuntu Security Notice USN-4153-1: Posted Oct 10, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4153-1 - Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2019-17134; SHA-256 | 2de8e4091c1f8c7cc301e5b4e7d01c9f83547b32e93c847aec97417ab38aeafc; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2019-17134

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems