CVE-2024-8007

high

Description

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images by disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2305975

https://access.redhat.com/security/cve/CVE-2024-8007

https://access.redhat.com/errata/RHSA-2024:9991

https://access.redhat.com/errata/RHSA-2024:9990

Details

Source: MITRE, NVD

Published: 2024-08-21

Updated: 2024-11-25

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High