PT-2024-38750 · Red Hat · Red Hat Openstack Platform
Michal Findra
·
Published
2024-08-21
·
Updated
2024-11-25
·
CVE-2024-8007
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Red Hat OpenStack Platform (RHOSP) director versions 16.1 through 17.1
Description:
A flaw was found in the Red Hat OpenStack Platform (RHOSP) director, allowing an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors. This could enable a man-in-the-middle (MITM) attack.
Recommendations:
For versions 16.1 through 17.1, consider disabling the feature that allows disabling TLS certificate verification for registry mirrors until a patch is available. Restrict access to the registry mirrors to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Openstack Platform