OpenStack Platform Vulnerability Exposes Containers to MITM Attacks
CVE-2024-8007

8.1HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Openstack Platform 16.1; Red Hat Openstack Platform 16.2; Red Hat Openstack Platform 17.1
Vendor: CVE Published:; 21 August 2024

Summary

A flaw exists in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. An attacker may exploit this to deploy potentially compromised container images because the system has the option to disable TLS certificate verification for registry mirrors. This could lead to a serious security risk known as a man-in-the-middle (MITM) attack, where an attacker could intercept and manipulate communications between users and the registry. Properly managing TLS certificate verification settings is crucial to maintaining the integrity and security of the OpenStack environment.

References

https://access.redhat.com/security/cve/CVE-2024-8007

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2305975

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2024
Vulnerability Reserved
Aug 20, 2024