PT-2019-5610 · Openstack · Openstack Octavia

Published 2019-05-27 · Updated 2022-05-24 · CVE-2019-3895

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenStack Octavia (affected versions not specified)
Description: An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. This flaw allows a remote attacker to upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image, potentially impacting the confidentiality, integrity, and availability of protected information.
Recommendations: To prevent this vulnerability:
  1. Update Octavia's configuration setting (octavia.conf) to amp_image_owner_id = $UUID_OF_SERVICE_PROJECT on all Octavia nodes, so that only amphora images owned by the service project are used.
  2. Enable the new configuration by restarting both the octavia worker and the octavia health manager.
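An added compliance check for the recommendation above (example code, not part of this advisory or of Octavia): it parses octavia.conf from each node and reports nodes where amp_image_owner_id is unset or does not match the service project. The [controller_worker] section name follows Octavia's configuration reference; the sample configurations, node names and UUID are constructed placeholders.

```python
import configparser
from io import StringIO

# Constructed placeholder for the service project UUID ($UUID_OF_SERVICE_PROJECT).
SERVICE_PROJECT_ID = "11111111-2222-3333-4444-555555555555"

# Constructed sample: octavia.conf before the fix. amp_image_owner_id is unset,
# so the worker does not restrict which project's image it will boot amphorae from.
VULNERABLE_CONF = """\
[controller_worker]
amp_image_tag = amphora-image
amp_flavor_id = 65
"""

# Constructed sample: octavia.conf after applying recommendation 1.
FIXED_CONF = f"""\
[controller_worker]
amp_image_tag = amphora-image
amp_flavor_id = 65
amp_image_owner_id = {SERVICE_PROJECT_ID}
"""


def check_amp_image_owner(conf_text: str, expected_owner: str) -> list[str]:
    """Return findings for one octavia.conf; an empty list means the owner is pinned correctly."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_file(StringIO(conf_text))
    if not cp.has_section("controller_worker"):
        return ["[controller_worker] section missing"]
    owner = cp.get("controller_worker", "amp_image_owner_id", fallback="").strip()
    if not owner:
        return ["amp_image_owner_id is unset: amphora image owner is not restricted"]
    if owner != expected_owner:
        return [f"amp_image_owner_id={owner} does not match service project {expected_owner}"]
    return []


def audit_nodes(configs: dict[str, str], expected_owner: str) -> dict[str, list[str]]:
    """Run the check over every Octavia node's config; only non-compliant nodes are returned."""
    report = {}
    for node, conf_text in configs.items():
        findings = check_amp_image_owner(conf_text, expected_owner)
        if findings:
            report[node] = findings
    return report


if __name__ == "__main__":
    # Constructed node names; a real audit would read /etc/octavia/octavia.conf from each node.
    print(audit_nodes({"controller-0": VULNERABLE_CONF, "controller-1": FIXED_CONF}, SERVICE_PROJECT_ID))
```

Both octavia worker and octavia health manager still need to be restarted after the setting is added (recommendation 2); the check only confirms the file content.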

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2020-04695
CVE-2019-3895
GHSA-JJGH-M322-FJX6
PYSEC-2019-194
RHSA-2019:1683
RHSA-2019:1742

Affected Products

Openstack Octavia
Red Hat Openstack Platform Director