A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
History

Mon, 25 Nov 2024 04:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openstack:17.1
References

Fri, 22 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openstack:17.1::el8
cpe:/a:redhat:openstack:17.1::el9

Mon, 23 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack. A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
Title Rhosp-director: rhosp director disables tls verification for registry mirrors Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors

Wed, 18 Sep 2024 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 23 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openstack Platform
CPEs cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*
Vendors & Products Redhat openstack Platform

Wed, 21 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Aug 2024 14:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
Title rhosp-director: RHOSP Director Disables TLS Verification for Registry Mirrors Rhosp-director: rhosp director disables tls verification for registry mirrors
First Time appeared Redhat
Redhat openstack
CPEs cpe:/a:redhat:openstack:16.1
cpe:/a:redhat:openstack:16.2
cpe:/a:redhat:openstack:17.1
Vendors & Products Redhat
Redhat openstack
References

Tue, 20 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title rhosp-director: RHOSP Director Disables TLS Verification for Registry Mirrors
Weaknesses CWE-295
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-08-21T13:40:25.242Z

Updated: 2024-11-25T06:37:26.259Z

Reserved: 2024-08-20T11:09:27.802Z

Link: CVE-2024-8007

cve-icon Vulnrichment

Updated: 2024-08-21T15:06:33.436Z

cve-icon NVD

Status : Modified

Published: 2024-08-21T14:15:09.753

Modified: 2024-11-25T05:15:12.250

Link: CVE-2024-8007

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-08-20T00:00:00Z

Links: CVE-2024-8007 - Bugzilla