- Description
- A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secalert@redhat.com
- CWE-295
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824"
}
],
"operator": "OR"
}
]
}
]