CVE-2017-7512

Priority
Medium
Description
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0
would permit creation of an access token without a client secret. An
attacker could use this flaw to circumvent authentication controls and gain
access to restricted APIs. NOTE: some sources have a typo in which
CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that
OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the
correct CVE ID for TWO closely related findings in OpenVPN. Any source that
lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed
ONLY CVE-2017-7521.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (2.4.3, 2.3.17)
Ubuntu 17.10 (Artful Aardvark):released (2.4.0-5ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):released (2.3.2-7ubuntu3.2)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.3.10-1ubuntu2.1)
Ubuntu 16.10 (Yakkety Yak):released (2.3.11-1ubuntu2.1)
Ubuntu 17.04 (Zesty Zapus):released (2.4.0-4ubuntu1.3)
Patches:
Upstream:https://github.com/OpenVPN/openvpn/commit/2d032c7fcd (master)
Upstream:https://github.com/OpenVPN/openvpn/commit/2341f71619 (2.4)
Upstream:https://github.com/OpenVPN/openvpn/commit/84e1775961 (2.3)
More Information

Updated: 2017-07-13 07:14:21 UTC (commit 12883)