CVE-2019-17134

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn certreqs option is True but is supposed to be ssl.CERTREQUIRED.

References

Affected packages

Git / github.com/openstack/octavia

Affected ranges

Type

GIT

Repo

https://github.com/openstack/octavia

Events

Introduced

c3345e46573cb6c618cb9447fade2e255b6f5589

Fixed

89a2f6e0136ad49d928eb65b4cf555af2a2b8ab1

Introduced

8d74497cf6fd22620d0881ad2549acd69a537776

Fixed

624ff08f27bcb73788663cbe6d35cbe29c537844

Introduced

feb640d99d392167ca37e1c7c02d895a03f32172

Fixed

1725517d1d209f26b2275306d83e49c099dcbe1a

Database specific

{
    "versions": [
        {
            "introduced": "0.10.0"
        },
        {
            "fixed": "2.1.2"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.2.0"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.1.0"
        }
    ]
}

Affected versions

0.*

0.10.0

1.*

1.0.0.0b1

1.0.0.0b2

1.0.0.0b3

1.0.0.0rc1

2.*

2.0.0

2.0.0.0b1

2.0.0.0b2

2.0.0.0b3

2.0.0.0rc1

2.0.0.0rc2

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0

2.1.1

3.*

3.0.0

3.0.0.0rc3

3.0.1

3.0.2

3.1.0

3.1.1

4.*

4.0.0

4.0.0.0rc3

4.0.1

Other

ocata-em

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.04"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17134.json"