PT-2018-12620 · Red Hat · Red Hat Openstack+1

Published: 2018-09-10 · Updated: 2021-08-04 · CVE-2018-14620

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenStack RabbitMQ container image versions as shipped with Red Hat OpenStack 12, 13, 14

Description: The issue arises from the insecure retrieval of the rabbitmq clusterer component over HTTP during the build stage of the OpenStack RabbitMQ container image. This could allow an attacker to serve malicious code to the image builder, resulting in the installation of malicious code in the resultant container image.

Recommendations: For versions as shipped with Red Hat OpenStack 12, 13, 14, consider disabling the insecure retrieval of the rabbitmq clusterer component over HTTP as a temporary workaround until a patch is available. Restrict access to the build stage of the OpenStack RabbitMQ container image to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2018-14620

Affected Products

Openstack Rabbitmq
Red Hat Openstack