CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

CVSS v3 8.0 HIGH
CVSS v2.0 6.8 MEDIUM

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHSA-2019:1683	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1742	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895	Issue Tracking Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openstack:octavia:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*

History

04 Aug 2021, 17:14

Type	Values Removed	Values Added
CPE	cpe:2.3:a:redhat:openstack:12.0:::::::*	cpe:2.3:a:redhat:openstack:12:::::::*

Information

Published : 2019-06-03 19:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-3895

Mitre link : CVE-2019-3895

CVE.ORG link : CVE-2019-3895

JSON object : View

Products Affected

openstack

octavia

redhat

openstack

CWE

NVD-CWE-Other CWE-284

Improper Access Control

{"id": "CVE-2019-3895", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2019-06-03T19:29:02.080", "references": [{"url": "https://access.redhat.com/errata/RHSA-2019:1683", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1742", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3895", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image."}, {"lang": "es", "value": "Se descubri\u00f3 un fallo de control de acceso en el servicio de Octavia cuando la plataforma en la nube se implement\u00f3 con el Director de la plataforma de Red Hat OpenStack. Un atacante podr\u00eda hacer que se ejecuten nuevas \u00e1nforas en funci\u00f3n de cualquier imagen arbitraria. Esto significaba que un atacante remoto pod\u00eda cargar una nueva imagen de \u00e1nforas y, si se le ped\u00eda que generar nuevas \u00e1nforas, Octavia recoger\u00eda la imagen comprometida."}], "lastModified": "2021-08-04T17:14:34.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:octavia:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAB5109D-E820-43DB-9FC3-82E311EF3442", "versionEndExcluding": "0.9.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}