CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*

History

23 Sep 2024, 17:15

Type Values Removed Values Added
Summary (en) A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack. (en) A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

23 Aug 2024, 17:06

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en el director de Red Hat OpenStack Platform (RHOSP). Esta vulnerabilidad permite a un atacante implementar imágenes de contenedores potencialmente comprometidas deshabilitando la verificación de certificados TLS para espejos de registro, lo que podría habilitar un ataque de intermediario (MITM).
CPE cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2024-8007 - () https://access.redhat.com/security/cve/CVE-2024-8007 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2305975 - () https://bugzilla.redhat.com/show_bug.cgi?id=2305975 - Issue Tracking, Vendor Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 8.1
First Time Redhat
Redhat openstack Platform

21 Aug 2024, 16:06

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-21 14:15

Updated : 2024-09-23 17:15


NVD link : CVE-2024-8007

Mitre link : CVE-2024-8007

CVE.ORG link : CVE-2024-8007


JSON object : View

Products Affected

redhat

  • openstack_platform
CWE
CWE-295

Improper Certificate Validation