CVE Vulnerabilities

CVE-2019-0223

Published: Apr 23, 2019 | Modified: Nov 07, 2023
CVSS 3.x: 7.4 HIGH | Source: NVD | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x: 5.8 MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2: (none listed)
RedHat/V3: 7.4 IMPORTANT | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Ubuntu: MEDIUM

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1.1.0. This means that an undetected man-in-the-middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

Affected Software

Name | Vendor | Start Version | End Version
Qpid | Apache | 0.9 (including) | 0.27.0 (including)
AMQ Clients 2.y for RHEL 6 | RedHat | qpid-proton-0:0.27.0-3.el6 | *
AMQ Clients 2.y for RHEL 7 | RedHat | qpid-proton-0:0.27.0-3.el7 | *
CloudForms Management Engine 5.11 | RedHat | ansible-runner-0:1.3.4-2.el8ar | *
CloudForms Management Engine 5.11 | RedHat | ansible-tower-0:3.5.2-1.el8at | *
CloudForms Management Engine 5.11 | RedHat | cfme-0:5.11.0.28-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | cfme-amazon-smartstate-0:5.11.0.28-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | cfme-appliance-0:5.11.0.28-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | cfme-gemset-0:5.11.0.28-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-cluster-upgrade-0:1.1.13-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-disaster-recovery-0:1.2.0-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-engine-setup-0:1.1.9-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-hosted-engine-setup-0:1.0.26-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-image-template-0:1.1.11-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-infra-0:1.1.12-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-manageiq-0:1.1.14-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-repositories-0:1.1.5-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-roles-0:1.1.7-2.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-shutdown-env-0:1.0.3-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | ovirt-ansible-vm-infra-0:1.1.19-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | prince-0:12.4-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | python3-ovirt-engine-sdk4-0:4.3.2-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | python-bambou-0:3.0.1-2.el8cf | *
CloudForms Management Engine 5.11 | RedHat | python-colorama-0:0.4.1-1.el8ost | *
CloudForms Management Engine 5.11 | RedHat | python-daemon-0:2.1.2-9.el8ar | *
CloudForms Management Engine 5.11 | RedHat | python-funcsigs-0:1.0.2-3.el8ost | *
CloudForms Management Engine 5.11 | RedHat | python-future-0:0.16.0-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | python-lockfile-1:0.11.0-8.el8ar | *
CloudForms Management Engine 5.11 | RedHat | python-mock-0:2.0.0-11.el8ost | *
CloudForms Management Engine 5.11 | RedHat | python-pbr-0:5.1.2-2.el8ost | *
CloudForms Management Engine 5.11 | RedHat | python-pexpect-0:4.6-2.el8ar | *
CloudForms Management Engine 5.11 | RedHat | python-psutil-0:5.4.3-5.el8ar | *
CloudForms Management Engine 5.11 | RedHat | python-pylxca-0:2.1.1-2.el8cf | *
CloudForms Management Engine 5.11 | RedHat | python-requests-toolbelt-0:0.8.0-2.el8cf | *
CloudForms Management Engine 5.11 | RedHat | python-tabulate-0:0.8.2-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | python-vspk-0:5.3.2-2.el8cf | *
CloudForms Management Engine 5.11 | RedHat | qpid-proton-0:0.28.0-1.el8 | *
CloudForms Management Engine 5.11 | RedHat | repmgr10-0:4.0.6-3.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-bcrypt-0:3.1.13-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-byebug-0:11.0.1-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-escape_utils-0:1.2.1-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-ffi-0:1.9.25-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-hamlit-0:2.8.10-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-http_parser.rb-0:0.6.0-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-linux_block_device-0:0.2.1-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-memory_buffer-0:0.1.0-2.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-nio4r-0:2.4.0-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-nokogiri-0:1.8.5-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-ovirt-engine-sdk4-0:4.3.0-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-puma-0:3.7.1-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-qpid_proton-0:0.26.0-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-rugged-0:0.28.2-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-sassc-0:2.0.1-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-sqlite3-0:1.3.13-2.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-surro-gate-0:1.0.5-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-unf_ext-0:0.0.7.6-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | rubygem-websocket-driver-0:0.6.5-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | smem-0:1.4-1.el8cf | *
CloudForms Management Engine 5.11 | RedHat | v2v-conversion-host-0:1.14.2-1.el8ev | *
CloudForms Management Engine 5.11 | RedHat | wmi-0:1.3.14-8.el8cf | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | jsoncpp-0:1.7.7-1.el7 | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | qpid-proton-0:0.27.0-3.el7 | *
Red Hat OpenStack Platform 14.0 Operational Tools for RHEL 7 | RedHat | qpid-proton-0:0.27.0-3.el7 | *
Red Hat OpenStack Platform 14.0 (Rocky) | RedHat | qpid-proton-0:0.27.0-3.el7 | *
Red Hat Satellite 6.3 for RHEL 7 | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Red Hat Satellite 6.3 for RHEL 7 | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Red Hat Satellite 6.4 for RHEL 7 | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Red Hat Satellite 6.4 for RHEL 7 | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Red Hat Satellite 6.5 for RHEL 7 | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Red Hat Satellite 6.5 for RHEL 7 | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 5.9.AUS | RedHat | qpid-proton-0:0.9-22.el5 | *
Satellite Tools 6.3 for RHEL 5.ELS | RedHat | qpid-proton-0:0.9-22.el5 | *
Satellite Tools 6.3 for RHEL 6 | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.3 for RHEL 6.4.AUS | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.3 for RHEL 6.5.AUS | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.3 for RHEL 6.6.AUS | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.3 for RHEL 6.7.EUS | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.3 for RHEL 7 | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.2.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.2.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.2.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.3.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.3.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.3.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.4.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.4.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.4.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.5.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.6.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.6.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.3 for RHEL 7.6.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 5.9.AUS | RedHat | qpid-proton-0:0.9-22.el5 | *
Satellite Tools 6.4 for RHEL 5.ELS | RedHat | qpid-proton-0:0.9-22.el5 | *
Satellite Tools 6.4 for RHEL 6 | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.4 for RHEL 6.7.EUS | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.4 for RHEL 7 | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.2.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.2.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.2.TUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.3.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.3.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.3.TUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.4.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.4.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.4.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.4.TUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.5.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.6.AUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.6.E4S | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.6.EUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.4 for RHEL 7.6.TUS | RedHat | qpid-proton-0:0.16.0-14.el7sat | *
Satellite Tools 6.5 for RHEL 5.9.AUS | RedHat | qpid-proton-0:0.9-22.el5 | *
Satellite Tools 6.5 for RHEL 5.ELS | RedHat | qpid-proton-0:0.9-22.el5 | *
Satellite Tools 6.5 for RHEL 6 | RedHat | qpid-proton-0:0.16.0-14.el6sat | *
Satellite Tools 6.5 for RHEL 7 | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.2.AUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.2.E4S | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.2.TUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.3.AUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.3.E4S | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.3.TUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.4.AUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.4.E4S | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.4.EUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.4.TUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.5.EUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.6.AUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.6.E4S | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.6.EUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 7.6.TUS | RedHat | qpid-proton-0:0.28.0-1.el7 | *
Satellite Tools 6.5 for RHEL 8 | RedHat | qpid-proton-0:0.28.0-1.el8 | *
Qpid-proton | Ubuntu | bionic | *
Qpid-proton | Ubuntu | cosmic | *
Qpid-proton | Ubuntu | xenial | *

References