A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2024-8007 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2305975 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Aug 2024, 17:06
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
First Time |
Redhat
Redhat openstack Platform |
|
References | () https://access.redhat.com/security/cve/CVE-2024-8007 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2305975 - Issue Tracking, Vendor Advisory |
21 Aug 2024, 16:06
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-21 14:15
Updated : 2024-09-18 08:15
NVD link : CVE-2024-8007
Mitre link : CVE-2024-8007
CVE.ORG link : CVE-2024-8007
JSON object : View
Products Affected
redhat
- openstack_platform
CWE
CWE-295
Improper Certificate Validation