CVE Vulnerabilities

CVE-2014-0041

Published: Jun 02, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Openstack Redhat 4.0 (including) 4.0 (including)
OpenStack 4 for RHEL 6 RedHat openstack-heat-templates-0:0-0.3.20140407git.el6ost *

References