CVE-2018-14620 MEDIUM

Vendor Red Hat
Product openstack-rabbitmq-container
Weakness CWE-494 · Download without integrity check
Published September 10, 2018
Last update August 5, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and have it installed in the resulting container image. The versions of openstack-rabbitmq-container and openstack-containers shipped with Red Hat OpenStack 12, 13, and 14 are believed to be vulnerable.

Key dates

02 Disclosure timeline

September 10, 2018 CVE published
August 5, 2024 Record updated