Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opendev Subscribe
Filtered by product Octavia
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17134 2 Canonical, Opendev 2 Ubuntu Linux, Octavia 2019-11-06 6.4 MEDIUM 9.1 CRITICAL
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.