CVE-2019-17134

Priority
Description
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0,
>=4.0.0 <4.1.0 allows anyone with access to the management network to
bypass client-certificate based authentication and retrieve information or
issue configuration commands via simple HTTP requests to the Agent on port
https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but
is supposed to be ssl.CERT_REQUIRED.
Notes
Package
Upstream:released (4.0.0-6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
More Information

Updated: 2020-07-28 20:07:03 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)