CVE-2019-17134
CRITICAL
OpenStack Octavia 0.10.0-2.1.1, 3.0.0-3.1.9, 4.0.0-4.0.9 - Unauthenticated Authentication Bypass via Agent HTTP Requests
Title source: llm
Description
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
References (12)
Various Sources x_refsource_misc
https://storyboard.openstack.org/#%21/story/2006660
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://review.opendev.org/686547
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://review.opendev.org/686546
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://review.opendev.org/686545
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://review.opendev.org/686544
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://review.opendev.org/686543
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://review.opendev.org/686541
Patch, Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2019-005.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4153-1/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3743
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3788
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0721
Scores
CVSS v3
9.1
EPSS
0.0039
EPSS Percentile
60.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (3)
canonical/ubuntu_linux
19.04
opendev/octavia
0.10.0 - 2.1.2
pypi/octavia
0.10.0 - 2.1.2 (PyPI)
Published
Oct 08, 2019
Tracked Since
Feb 18, 2026