CVE-2019-17134 – openstack-octavia: amphora-agent not requiring client certificate

https://notcve.org/view.php?id=CVE-2019-17134

08 Oct 2019 — Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. Amphora Images en OpenStack Octavia versiones posteriores e incluyendo a 0.10.0 anteriores a 2.1.2, versiones p... • https://access.redhat.com/errata/RHSA-2019:3743 • CWE-287: Improper Authentication CWE-471: Modification of Assumed-Immutable Data (MAID) •