octavia@0.8.0 vulnerabilities

OpenStack Octavia Scalable Load Balancer as a Service

latest version

14.0.0
latest non vulnerable version

14.0.0
first published

9 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [0,)
View octavia package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the octavia package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Information Exposure octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack. Affected versions of this package are vulnerable to Information Exposure due to log files that may expose sensitive information such as private keys. How to fix Information Exposure? Upgrade `octavia` to version 2.0.3, 3.0.2 or higher.	[,2.0.3) [3.0.0.0b1,3.0.2)
L Incorrect Access Control octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack. Affected versions of this package are vulnerable to Incorrect Access Control. `_extract_amp_image_id_by_tag` within `octavia/compute/drivers/nova_driver.py` does not filter images and use images owned by pre-defined tenant. This could allow any non-admin tenant to tag an image with the 'amphora' tag and set it to `public=True`. Note: Exploitation of this vulnerability requires configuration of your instance to allow any tenant to post public images, which is not enabled in default configuration. How to fix Incorrect Access Control? Upgrade `octavia` to version 0.9.0 or higher.	[,0.9.0)

Information Exposure

octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack.

Affected versions of this package are vulnerable to Information Exposure due to log files that may expose sensitive information such as private keys.

How to fix Information Exposure?

Upgrade octavia to version 2.0.3, 3.0.2 or higher.

[,2.0.3) [3.0.0.0b1,3.0.2)

Incorrect Access Control

octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack.

Affected versions of this package are vulnerable to Incorrect Access Control. _extract_amp_image_id_by_tag within octavia/compute/drivers/nova_driver.py does not filter images and use images owned by pre-defined tenant. This could allow any non-admin tenant to tag an image with the 'amphora' tag and set it to public=True.

Note: Exploitation of this vulnerability requires configuration of your instance to allow any tenant to post public images, which is not enabled in default configuration.

How to fix Incorrect Access Control?

Upgrade octavia to version 0.9.0 or higher.

[,0.9.0)

Go back to all versions of this package

octavia@0.8.0 vulnerabilities

OpenStack Octavia Scalable Load Balancer as a Service

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities