CRITICAL 9.1

PYSEC-2026-433

OpenStack Octavia Amphora-Agent not requiring Client-Certificate

Details

Amphora images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow anyone with access to the management network to bypass client-certificate-based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the gunicorn `cert_reqs` option in `cmd/agent.py` is set to `True` when it is supposed to be `ssl.CERT_REQUIRED`.
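Why `True` is not equivalent to `ssl.CERT_REQUIRED`, shown as an added example that is not Octavia or gunicorn code: in Python's `ssl` module `True` equals 1, which is `ssl.CERT_OPTIONAL`, so a client certificate is checked only if one is presented. The function names and `SAMPLE_SETTINGS` are hypothetical and constructed for illustration, and the check assumes the `cert_reqs` value reaches the `ssl` module unchanged.

```python
import ssl


def effective_verify_mode(cert_reqs):
    """Map a cert_reqs setting to the ssl.VerifyMode the TLS layer will see."""
    # bool is a subclass of int: True is passed through as 1, False as 0.
    # ssl.VerifyMode raises ValueError for anything other than 0, 1 or 2.
    return ssl.VerifyMode(int(cert_reqs))


def audit_cert_reqs(cert_reqs):
    """Return (mode_name, client_cert_enforced, finding) for one setting."""
    try:
        mode = effective_verify_mode(cert_reqs)
    except (TypeError, ValueError):
        return ("INVALID", False, f"{cert_reqs!r} is not a valid verify mode")
    if mode is ssl.CERT_REQUIRED:
        return (mode.name, True, "handshake fails without a valid client certificate")
    if mode is ssl.CERT_OPTIONAL:
        return (mode.name, False, "client certificate is verified only if presented")
    return (mode.name, False, "client certificates are not requested at all")


def server_context(cert_reqs):
    """Build a server-side context with the mode the setting resolves to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = effective_verify_mode(cert_reqs)
    return ctx


def unenforced(settings):
    """Names of listeners whose setting does not make client certs mandatory."""
    return [name for name, value in settings.items()
            if not audit_cert_reqs(value)[1]]


# Constructed sample settings (hypothetical listener names).
SAMPLE_SETTINGS = {
    "as-shipped": True,             # the value described in the advisory
    "intended": ssl.CERT_REQUIRED,  # the value the advisory says it should be
    "disabled": False,
    "bogus": 7,
}

if __name__ == "__main__":
    for name, value in SAMPLE_SETTINGS.items():
        mode, enforced, finding = audit_cert_reqs(value)
        print(f"{name:10} cert_reqs={value!r:30} -> {mode:13} "
              f"enforced={enforced}: {finding}")
```
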

Affected packages

PyPI / octavia
First affected version: 0.10.0; fixed version: 2.1.2
Fix: pip install --upgrade 'octavia>=2.1.2'

References