CVE-2019-17134

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow anyone with access to the management network to bypass client-certificate-based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
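Why `True` fails open, as an added example that is not code from Octavia or gunicorn: Python's `bool` is an `int` subclass, so `True` is read as 1, which is `ssl.CERT_OPTIONAL`, and a handshake succeeds without any client certificate. The function names and the two sample option dicts below are constructed for illustration.

```python
import ssl

def effective_verify_mode(cert_reqs):
    """Return the ssl.VerifyMode a TLS server context ends up with for this value."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # bool is an int subclass, so True is accepted here and stored as 1
    ctx.verify_mode = cert_reqs
    return ctx.verify_mode

def audit_tls_options(options):
    """Return a list of findings for a gunicorn-style options dict."""
    findings = []
    raw = options.get("cert_reqs", ssl.CERT_NONE)
    if isinstance(raw, bool):
        findings.append("cert_reqs is a bool (%r); use an ssl.CERT_* constant" % raw)
    try:
        mode = effective_verify_mode(raw)
    except (TypeError, ValueError) as exc:
        # e.g. a string, or an integer that is not a valid verify mode
        findings.append("cert_reqs value %r is rejected by ssl: %s" % (raw, exc))
        return findings
    if mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not enforced: effective mode is %s" % mode.name)
    return findings

# Constructed sample configurations (not copied from the Octavia source tree).
VULNERABLE_OPTIONS = {"cert_reqs": True}              # the value the CVE describes
FIXED_OPTIONS = {"cert_reqs": ssl.CERT_REQUIRED}      # the value it is supposed to be

if __name__ == "__main__":
    for name, opts in (("vulnerable", VULNERABLE_OPTIONS), ("fixed", FIXED_OPTIONS)):
        print(name, effective_verify_mode(opts["cert_reqs"]).name,
              audit_tls_options(opts) or "ok")
```

The same check can be run in CI against any service configuration that passes `cert_reqs` through to the `ssl` module.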

Published : 2019-10-08 18:15 Updated : 2019-10-15 14:03

CVSS Score: 6.4 / 10
Vendor Product Version URI
Canonical Ubuntu Linux 19.04 cpe:/o:canonical:ubuntu_linux:19.04

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2019-10-15 14:03
2019-10-08 20:02

New CVE