CVE-2019-3895

Impact:
Moderate
Public Date:
2019-05-27
CWE:
CWE-284
Bugzilla:
1694608: CVE-2019-3895 openstack-tripleo-common: Allows running new amphorae based on arbitrary images
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on an arbitrary image. This meant that a remote attacker could upload a new amphora image and, when Octavia was asked to spawn new amphorae, it would pick up the compromised image.

Find out more about CVE-2019-3895 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat OpenStack Platform 13.0 (Queens) (openstack-tripleo-common) RHSA-2019:1742 2019-07-10
Red Hat OpenStack Platform 14.0 (Rocky) (openstack-tripleo-common) RHSA-2019:1683 2019-07-02

Acknowledgements

This issue was discovered by Carlos Goncalves (Red Hat).

Mitigation

To mitigate this vulnerability:
1. Set `amp_image_owner_id = $UUID_OF_SERVICE_PROJECT` in Octavia's configuration file (octavia.conf) on all Octavia nodes, so that only amphora images owned by the service project are eligible.
2. Enable the new configuration by restarting both `octavia_worker` and `octavia_health_manager`.
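The following check is an added example for this advisory; it is not part of the advisory, of Red Hat's tooling or of Octavia itself. It parses an octavia.conf and reports whether `amp_image_owner_id` is set to a valid UUID, contrasting a constructed configuration that leaves the option unset (the exposed state) with one that has the mitigation applied. It assumes the option lives in the `[controller_worker]` section, which is where Octavia documents it; the advisory itself names only the option and the file. The UUID in the sample is made up, and the file path in the usage line is a placeholder.

```python
"""Check an octavia.conf for the CVE-2019-3895 mitigation (amp_image_owner_id).

Added example, not part of the Red Hat advisory or of Octavia.
Assumption: amp_image_owner_id is read from the [controller_worker] section.
"""
import configparser
import sys
import uuid
from typing import Tuple

# Constructed sample: the image owner was never pinned, so any image that
# matches the amphora tag is eligible regardless of which project owns it.
WEAK_CONF = """
[DEFAULT]
debug = False

[controller_worker]
amp_image_tag = amphora-image
amp_flavor_id = 65
"""

# Constructed sample: same deployment with the mitigation applied.
# The UUID below is made up; a real deployment uses the service project's UUID.
HARDENED_CONF = """
[DEFAULT]
debug = False

[controller_worker]
amp_image_tag = amphora-image
amp_image_owner_id = 4a1f6c2e-9b3d-4d7e-8c21-0f5e6d7a8b90
amp_flavor_id = 65
"""


def amp_image_owner_status(conf_text: str,
                           section: str = "controller_worker") -> Tuple[bool, str]:
    """Return (ok, reason) for the amp_image_owner_id option.

    ok is True only when the option is present, non-empty and parses as a
    UUID, i.e. Octavia will restrict amphora images to that owner project.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section(section):
        return False, f"no [{section}] section"
    value = parser.get(section, "amp_image_owner_id", fallback="").strip()
    if not value:
        return False, ("amp_image_owner_id is unset: amphora images from any "
                       "project are accepted")
    try:
        uuid.UUID(value)
    except ValueError:
        return False, f"amp_image_owner_id {value!r} is not a valid UUID"
    return True, f"amphora images restricted to owner project {value}"


def check_file(path: str) -> Tuple[bool, str]:
    """Read a configuration file from disk and evaluate it."""
    with open(path, encoding="utf-8") as handle:
        return amp_image_owner_status(handle.read())


if __name__ == "__main__":
    # Usage: python3 check_amp_owner.py /path/to/octavia.conf  (placeholder path)
    if len(sys.argv) == 2:
        ok, reason = check_file(sys.argv[1])
    else:
        # No file given: show the constructed samples side by side.
        for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
            ok, reason = amp_image_owner_status(text)
            print(f"{label}: {'OK' if ok else 'EXPOSED'}: {reason}")
        sys.exit(0)
    print(("OK" if ok else "EXPOSED") + ": " + reason)
    sys.exit(0 if ok else 1)
```

Run it once per Octavia node, since the advisory requires the setting on all of them. A passing result only shows that the file is correct; it says nothing about what the running services have loaded, so step 2 (restarting `octavia_worker` and `octavia_health_manager`) is still needed after the change.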

Last Modified