CVE 2019-17134
Amphora images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
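Why `True` weakens the check instead of enabling it: Python's `ssl` module treats `cert_reqs` as an integer mode, and `True` equals 1, which is `ssl.CERT_OPTIONAL`, so a client that presents no certificate still completes the handshake. The audit helper below is an added example, not code from Octavia or from this page; the function names, the option dicts and the CA path are constructed for illustration.

```python
import ssl


def effective_verify_mode(cert_reqs):
    """Return the VerifyMode a server-side SSLContext ends up with for cert_reqs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # bool is a subclass of int, so True is silently accepted as 1 (CERT_OPTIONAL).
    ctx.verify_mode = cert_reqs
    return ctx.verify_mode


def audit_tls_options(options):
    """Return findings for a gunicorn-style options dict (hypothetical helper)."""
    findings = []
    # gunicorn's documented default for cert_reqs is ssl.CERT_NONE.
    value = options.get("cert_reqs", ssl.CERT_NONE)
    if isinstance(value, bool):
        findings.append("cert_reqs is a bool (%r); use an ssl.CERT_* constant" % value)
    mode = effective_verify_mode(value)
    if mode != ssl.CERT_REQUIRED:
        findings.append(
            "effective mode is %s: clients without a certificate are accepted" % mode.name
        )
    if mode != ssl.CERT_NONE and not options.get("ca_certs"):
        findings.append("ca_certs not set: no CA to verify client certificates against")
    return findings


# Constructed option sets: the pattern the CVE describes, and the corrected form.
AS_DESCRIBED = {"cert_reqs": True, "ca_certs": "/path/to/client_ca.pem"}
CORRECTED = {"cert_reqs": ssl.CERT_REQUIRED, "ca_certs": "/path/to/client_ca.pem"}

if __name__ == "__main__":
    for name, opts in (("as described", AS_DESCRIBED), ("corrected", CORRECTED)):
        print(name, "->", effective_verify_mode(opts["cert_reqs"]).name)
        for finding in audit_tls_options(opts):
            print("  finding:", finding)
```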
Related bugs and status
CVE-2019-17134 (Candidate) is related to these bugs:
Bug #1844931: Fresh installation fails when using amphora test image: expects queries on /1.0/info
Bug | Summary | In | Importance | Status
---|---|---|---|---
1844931 | Fresh installation fails when using amphora test image: expects queries on /1.0/info | OpenStack Octavia Charm | Undecided | Expired
Bug #1847243: Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134
Bug | Summary | In | Importance | Status
---|---|---|---|---
1847243 | Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134 | Ubuntu Cloud Archive | High | Fix Released
1847243 | Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134 | octavia (Ubuntu) | High | Fix Released
1847243 | Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134 | Ubuntu Cloud Archive rocky | High | Fix Released
1847243 | Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134 | Ubuntu Cloud Archive train | High | Fix Released
1847243 | Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134 | Ubuntu Cloud Archive stein | High | Fix Released
1847243 | Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134 | octavia (Ubuntu Disco) | High | Fix Released
1847243 | Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134 | octavia (Ubuntu Eoan) | High | Fix Released
Bug #1853319: [SRU] stein stable releases
Bug | Summary | In | Importance | Status
---|---|---|---|---
1853319 | [SRU] stein stable releases | Ubuntu Cloud Archive | Undecided | Invalid
1853319 | [SRU] stein stable releases | Ubuntu Cloud Archive stein | High | Fix Released
1853319 | [SRU] stein stable releases | horizon (Ubuntu) | Undecided | Invalid
1853319 | [SRU] stein stable releases | neutron (Ubuntu) | Undecided | Invalid
1853319 | [SRU] stein stable releases | neutron-lbaas (Ubuntu) | Undecided | Invalid
1853319 | [SRU] stein stable releases | octavia (Ubuntu) | Undecided | Invalid
1853319 | [SRU] stein stable releases | horizon (Ubuntu Disco) | High | Fix Released
1853319 | [SRU] stein stable releases | neutron (Ubuntu Disco) | High | Fix Released
1853319 | [SRU] stein stable releases | neutron-lbaas (Ubuntu Disco) | High | Fix Released
1853319 | [SRU] stein stable releases | octavia (Ubuntu Disco) | High | Fix Released
Bug #1853320: [SRU] rocky stable releases
Bug | Summary | In | Importance | Status
---|---|---|---|---
1853320 | [SRU] rocky stable releases | Ubuntu Cloud Archive | Undecided | Invalid
1853320 | [SRU] rocky stable releases | Ubuntu Cloud Archive rocky | High | Fix Released
Bug #1888309: [MIR] octavia
Bug | Summary | In | Importance | Status
---|---|---|---|---
1888309 | [MIR] octavia | octavia (Ubuntu) | High | In Progress
See the CVE page on Mitre.org for more details.