A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openstack_platform | Redhat | 16.1 (including) | 16.1 (including) |
| Openstack_platform | Redhat | 16.2 (including) | 16.2 (including) |
| Openstack_platform | Redhat | 17.1 (including) | 17.1 (including) |
| Red Hat OpenStack Platform 17.1 for RHEL 8 | RedHat | openstack-tripleo-common-0:15.4.1-17.1.20240911093743.e5b18f2.el8ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 8 | RedHat | python-tripleoclient-0:16.5.1-17.1.20240913093745.f3599d0.el8ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | openstack-tripleo-common-0:15.4.1-17.1.20240911100820.e5b18f2.el9ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | python-tripleoclient-0:16.5.1-17.1.20240913100806.f3599d0.el9ost | * |