Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-14620

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.

Related bugs and status

CVE-2018-14620 (Candidate) is related to these bugs:

Bug #1791674: RabbitMQ downloads binary over http without verification

Summary				In	Importance	Status
	1791674	RabbitMQ downloads binary over http without verification		kolla	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2018:2721
REDHAT: RHSA-2018:2729