A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
Weakness
The product does not validate, or incorrectly validates, a certificate.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openstack_platform | Redhat | 16.1 (including) | 16.1 (including) |
| Openstack_platform | Redhat | 16.2 (including) | 16.2 (including) |
| Openstack_platform | Redhat | 17.1 (including) | 17.1 (including) |
| Red Hat OpenStack Platform 17.1 for RHEL 8 | RedHat | openstack-tripleo-common-0:15.4.1-17.1.20240911093743.e5b18f2.el8ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 8 | RedHat | python-tripleoclient-0:16.5.1-17.1.20240913093745.f3599d0.el8ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | openstack-tripleo-common-0:15.4.1-17.1.20240911100820.e5b18f2.el9ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | python-tripleoclient-0:16.5.1-17.1.20240913100806.f3599d0.el9ost | * |