CVE-2019-3895
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5 · EPSS 1.4% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
03 Jun 2019 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Affected products
Red Hat · openstack-tripleo-common