CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.8%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 6.8

References

https://access.redhat.com/errata/RHSA-2019:1683
https://access.redhat.com/errata/RHSA-2019:1742
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895
https://access.redhat.com/errata/RHSA-2019:1683
https://access.redhat.com/errata/RHSA-2019:1742
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895

Products affected by CVE-2019-3895

Openstack » Octavia » Version: 0.5.2-23

cpe:2.3:a:openstack:octavia:0.5.2-23
Openstack » Octavia » Version: 0.8.0

cpe:2.3:a:openstack:octavia:0.8.0
Redhat » Openstack » Version: 12

cpe:2.3:a:redhat:openstack:12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-3895

Products

Pricing

Contact Us