CVE-2018-14620

EPSS 0.13%
Published 10.09.2018 19:29:00
Last modified 21.11.2024 03:49:26
Source secalert@redhat.com
Teams watchlist Login
Open Login

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.

Affected products Warnungen 0 Metrics 4 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openstack Version12

Redhat ≫ Openstack Version13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.334

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
secalert@redhat.com	4.7	1.6	2.7	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://access.redhat.com/errata/RHSA-2018:2729

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:2721

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-14620

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14620

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14620

EUVD