CVE-2024-8007

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 21, 2024
Updated: Aug 23, 2024
CWE ID 295

Summary

CVE-2024-8007 is a vulnerability in the Red Hat OpenStack Platform (RHOSP) director that permits attackers to disable TLS certificate verification for registry mirrors, potentially facilitating a man-in-the-middle (MITM) attack. Affected products include various versions of RHOSP, which may expose organizations to high risk through integrity and confidentiality impacts. The vulnerability has a CVSS base score of 8.1 (high severity) and an exploitability score of 2.2; exploitation requires no privileges and no user interaction. Remediation involves ensuring proper TLS certificate validation to prevent the deployment of compromised container images. Organizations are advised to consult Red Hat's security advisories for specific patching instructions and further guidance on mitigation strategies.
