CVSS: 9.1EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17134 – openstack-octavia: amphora-agent not requiring client certificate
https://notcve.org/view.php?id=CVE-2019-17134
08 Oct 2019 — Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. Amphora Images en OpenStack Octavia versiones posteriores e incluyendo a 0.10.0 anteriores a 2.1.2, versiones p... • https://access.redhat.com/errata/RHSA-2019:3743 • CWE-287: Improper Authentication CWE-471: Modification of Assumed-Immutable Data (MAID) •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16856 – openstack-octavia: Private keys written to world-readable log files
https://notcve.org/view.php?id=CVE-2018-16856
14 Mar 2019 — In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. En una instalación de Red Hat Openstack Platform Director por defecto, openstack-octavia en versiones anteriores a la 2.0.2-5 y openstack-octavia-3.0.1-0.20181009115732 crean archivos de... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856 • CWE-532: Insertion of Sensitive Information into Log File •