CVE-2024-8007 - OpenCVE

A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Openstack Openstack Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openstack_platform:16.1:::::::*
	cpe:2.3:a:redhat:openstack_platform:16.2:::::::*
	cpe:2.3:a:redhat:openstack_platform:17.1:::::::*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2024-8007
https://bugzilla.redhat.com/show_bug.cgi?id=2305975
https://nvd.nist.gov/vuln/detail/CVE-2024-8007
https://www.cve.org/CVERecord?id=CVE-2024-8007

History

Wed, 18 Sep 2024 08:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 23 Aug 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openstack Platform
CPEs		cpe:2.3:a:redhat:openstack_platform:16.1:::::::* cpe:2.3:a:redhat:openstack_platform:16.2:::::::* cpe:2.3:a:redhat:openstack_platform:17.1:::::::*
Vendors & Products		Redhat openstack Platform

Wed, 21 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 21 Aug 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
Title	rhosp-director: RHOSP Director Disables TLS Verification for Registry Mirrors	Rhosp-director: rhosp director disables tls verification for registry mirrors
First Time appeared		Redhat Redhat openstack
CPEs		cpe:/a:redhat:openstack:16.1 cpe:/a:redhat:openstack:16.2 cpe:/a:redhat:openstack:17.1
Vendors & Products		Redhat Redhat openstack
References		https://access.redhat.com/security/cve/CVE-2024-8007 https://bugzilla.redhat.com/show_bug.cgi?id=2305975

Tue, 20 Aug 2024 21:30:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		rhosp-director: RHOSP Director Disables TLS Verification for Registry Mirrors
Weaknesses		CWE-295
References		https://nvd.nist.gov/vuln/detail/CVE-2024-8007 https://www.cve.org/CVERecord?id=CVE-2024-8007
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-08-21T13:40:25.242Z

Updated: 2024-09-18T07:42:41.968Z

Reserved: 2024-08-20T11:09:27.802Z

Link: CVE-2024-8007

Vulnrichment

Updated: 2024-08-21T15:06:33.436Z

NVD

Status : Modified

Published: 2024-08-21T14:15:09.753

Modified: 2024-09-18T08:15:06.990

Link: CVE-2024-8007

Redhat

Severity : Moderate

Publid Date: 2024-08-20T00:00:00Z

Links: CVE-2024-8007 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object