CVE-2018-14620
Last modified
CVE-2018-14620 is a vulnerability of currently unknown severity. The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openstack | 12 |
| Redhat | Openstack | 13 |
References
- https://access.redhat.com/errata/RHSA-2018:2721Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2729Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620Issue Tracking, Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2721Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2729Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-14620?
How severe is CVE-2018-14620?
How do I fix CVE-2018-14620?
Are you affected by CVE-2018-14620?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST