A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2024-8007 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2305975 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack. |
23 Aug 2024, 17:06
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* |
|
References | () https://access.redhat.com/security/cve/CVE-2024-8007 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2305975 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
First Time |
Redhat
Redhat openstack Platform |
21 Aug 2024, 16:06
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-21 14:15
Updated : 2024-09-23 17:15
NVD link : CVE-2024-8007
Mitre link : CVE-2024-8007
CVE.ORG link : CVE-2024-8007
JSON object : View
Products Affected
redhat
- openstack_platform
CWE
CWE-295
Improper Certificate Validation