{"containers": {"cna": {"affected": [{"product": "openstack-tripleo-common", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-10T14:06:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895"}, {"name": "RHSA-2019:1683", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1683"}, {"name": "RHSA-2019:1742", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1742"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3895", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openstack-tripleo-common", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image."}]}, "impact": {"cvss": [[{"vectorString": "5.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895"}, {"name": "RHSA-2019:1683", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1683"}, {"name": "RHSA-2019:1742", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1742"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:26:26.642Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895"}, {"name": "RHSA-2019:1683", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1683"}, {"name": "RHSA-2019:1742", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1742"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3895", "datePublished": "2019-06-03T18:04:56", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:26.642Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:octavia:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAB5109D-E820-43DB-9FC3-82E311EF3442", "versionEndExcluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image."}, {"lang": "es", "value": "Se descubri\u00f3 un fallo  de control de acceso en el servicio de Octavia cuando la plataforma en la nube se implement\u00f3 con el Director de la plataforma de Red Hat OpenStack. Un atacante podr\u00eda hacer que se ejecuten nuevas \u00e1nforas en funci\u00f3n de cualquier imagen arbitraria. Esto significaba que un atacante remoto pod\u00eda cargar una nueva imagen de \u00e1nforas y, si se le ped\u00eda que generar nuevas \u00e1nforas, Octavia recoger\u00eda la imagen comprometida."}], "id": "CVE-2019-3895", "lastModified": "2024-11-21T04:42:49.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-03T19:29:02.080", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1683"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1742"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1683"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Carlos Goncalves (Red Hat).", "affected_release": [{"advisory": "RHSA-2019:1742", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-tripleo-common-0:8.6.8-11.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-07-10T00:00:00Z"}, {"advisory": "RHSA-2019:1683", "cpe": "cpe:/a:redhat:openstack:14::el7", "package": "openstack-tripleo-common-0:9.5.0-5.el7ost", "product_name": "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date": "2019-07-02T00:00:00Z"}], "bugzilla": {"description": "openstack-tripleo-common: Allows running new amphorae based on arbitrary images", "id": "1694608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694608"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-284", "details": ["An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.", "An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image."], "mitigation": {"lang": "en:us", "value": "To prevent this vulnerability:\n1. Update Octavia's configuration setting (octavia.conf) to `amp_image_owner_id = $UUID_OF_SERVICE_PROJECT` on all Octavia nodes. \n2. Enable the new configuration by restarting both `octavia_worker` and `octavia_health_manager`."}, "name": "CVE-2019-3895", "package_state": [{"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Not affected", "package_name": "openstack-tripleo-common", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}], "public_date": "2019-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3895\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3895\nhttps://bugs.launchpad.net/tripleo/+bug/1830607\nhttps://github.com/openstack/tripleo-common/commit/e7c5eab712e0f70ecbc6d225d4766e0fe0f3f884"], "threat_severity": "Moderate"}