CVE-2018-14620

Sažetak

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620
https://access.redhat.com/errata/RHSA-2018:2721
https://access.redhat.com/errata/RHSA-2018:2729

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

04-08-2021 - 17:14

Objavljeno

10-09-2018 - 19:29