CVE-2018-14620
4.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | openstack-rabbitmq-container | 12, 13, 14 | affected |
Weaknesses
- CWE-494: CWE-494
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2018:2729
- https://access.redhat.com/errata/RHSA-2018:2721
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620
References
- https://access.redhat.com/errata/RHSA-2018:2729
- https://access.redhat.com/errata/RHSA-2018:2721
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.