octavia
PyPI
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting octavia
- CVE-2018-16856 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.0.3 | 2019-03-26
vulnerable: 0.10.0 ... 3.0.1 (28 versions)
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information…
- CVE-2019-17134 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 4.1.0 | 2019-10-08
vulnerable: 4.0.0, 4.0.1
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration comma…
- CVE-2019-3895 | HIGH | CVSS 8.0 | EG 8.0 | ✓ Fixed in 0.9.0 | 2019-06-03
vulnerable: 0.5.2, 0.8.0, 0.8.1
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote atta…