Description
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could allow an attacker to serve malicious code to the image builder, which would then be installed in the resulting container image. Versions of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat OpenStack 12, 13 and 14 are believed to be vulnerable.
Scores
CVSS v3
4.7
EPSS
0.0012
EPSS Percentile
31.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-494
CWE-20
Status
published
Products (2)
redhat/openstack
12
redhat/openstack
13
Published
Sep 10, 2018
Tracked Since
Feb 18, 2026