CVE-2024-8007

CVE Database · CVE-2024-8007

CVE-2024-8007

· HIGHModified

CVSS v3.1

8.1

EPSS

0.39%

Published

Aug 21, 2024

Modified

Nov 25, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-295

Affected Products (3)

redhat · openstack_platformvulnerable

References (4)

https://access.redhat.com/errata/RHSA-2024:9990

https://access.redhat.com/errata/RHSA-2024:9991

https://access.redhat.com/security/cve/CVE-2024-8007

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2305975

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs