CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3895 – openstack-tripleo-common: Allows running new amphorae based on arbitrary images
https://notcve.org/view.php?id=CVE-2019-3895
03 Jun 2019 — An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. Se descubrió un fallo de control de acceso en el servicio de Octavia cuando la plataforma en la nube se implementó con el Director de la plataf... • https://access.redhat.com/errata/RHSA-2019:1683 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16856 – openstack-octavia: Private keys written to world-readable log files
https://notcve.org/view.php?id=CVE-2018-16856
14 Mar 2019 — In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. En una instalación de Red Hat Openstack Platform Director por defecto, openstack-octavia en versiones anteriores a la 2.0.2-5 y openstack-octavia-3.0.1-0.20181009115732 crean archivos de... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856 • CWE-532: Insertion of Sensitive Information into Log File •