Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

Published

2024-08-21T14:15:09.753

Last Modified

2024-11-25T05:15:12.250

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openstack_platform	16.1	Yes
Application	redhat	openstack_platform	16.2	Yes
Application	redhat	openstack_platform	17.1	Yes

References

https://access.redhat.com/errata/RHSA-2024:9990 ([email protected])
https://access.redhat.com/errata/RHSA-2024:9991 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-8007 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2305975 Issue Tracking, Vendor Advisory ([email protected])