Insecure HTTP Retrieval in OpenStack RabbitMQ Container Image
CVE-2018-14620

4.7 MEDIUM

Key Information:

Vendor

Red Hat

CVE Published:
10 September 2018

What is CVE-2018-14620?

The OpenStack RabbitMQ container image has a vulnerability that arises from its insecure retrieval of the rabbitmq_clusterer component over HTTP during the build process. This flaw enables an attacker to serve malicious code to the image builder, potentially leading to the installation of compromised software within the resultant container image. Versions of openstack-rabbitmq-container and openstack-containers distributed with Red Hat OpenStack releases 12, 13, and 14 are identified as susceptible to this security issue.
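An added example, not taken from the advisory or the affected project: a small build-file audit that flags artifacts fetched over plain HTTP, reporting FAIL when no checksum or signature check runs in the same instruction and WARN when one does. The Dockerfile-style syntax, URLs and file names in the sample are constructed assumptions.

```python
import re

# Constructed build file for illustration; URLs and file names are placeholders,
# not the real sources used by the affected image.
SAMPLE_BUILD = """\
FROM registry.example.invalid/base:latest
ADD http://downloads.example.invalid/plugins/rabbitmq_clusterer.ez /plugins/
RUN curl -fsSLo /tmp/tool.tgz https://downloads.example.invalid/tool.tgz \\
 && echo "<expected-sha256>  /tmp/tool.tgz" | sha256sum -c -
RUN wget -O /tmp/extra.ez http://downloads.example.invalid/extra.ez
RUN curl -fsSLo /tmp/pinned.ez http://downloads.example.invalid/pinned.ez \\
 && echo "<expected-sha256>  /tmp/pinned.ez" | sha256sum -c -
"""

FETCH = re.compile(r"^\s*(ADD\b|RUN\b.*\b(curl|wget)\b)", re.I)
URL = re.compile(r"\b(https?)://[^\s\"']+", re.I)
VERIFY = re.compile(r"\b(sha(256|512)sum\s+(-c|--check)|gpg(v|\s+--verify))", re.I)

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, instruction)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def audit(text):
    """Return (line, severity, url) for every artifact fetched over plain HTTP."""
    findings = []
    for lineno, instr in logical_lines(text):
        if not FETCH.search(instr):
            continue
        # An integrity check in the same instruction detects tampering in transit.
        verified = bool(VERIFY.search(instr))
        for m in URL.finditer(instr):
            if m.group(1).lower() == "http":
                findings.append((lineno, "WARN" if verified else "FAIL", m.group(0)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BUILD):
        print(*finding)
```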

Affected Version(s)

openstack-rabbitmq-container 12, 13, 14

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
