octavia@1.0.0.0b1 vulnerabilities

OpenStack Octavia Scalable Load Balancer as a Service

latest version

14.0.0
latest non vulnerable version

14.0.0
first published

9 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [0,)
View octavia package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the octavia package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Information Exposure octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack. Affected versions of this package are vulnerable to Information Exposure due to log files that may expose sensitive information such as private keys. How to fix Information Exposure? Upgrade `octavia` to version 2.0.3, 3.0.2 or higher.	[,2.0.3) [3.0.0.0b1,3.0.2)
M Improper Certificate Validation octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack. Affected versions of this package are vulnerable to Improper Certificate Validation. This allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the `cmd/agent.py gunicorn cert_reqs` option is `True` but is supposed to be `ssl.CERT_REQUIRED`. How to fix Improper Certificate Validation? Upgrade `octavia` to version 2.1.2, 3.2.0, 4.1.0 or higher.	[0.10.0,2.1.2) [3.0.0,3.2.0) [4.0.0,4.1.0)

Information Exposure

octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack.

Affected versions of this package are vulnerable to Information Exposure due to log files that may expose sensitive information such as private keys.

How to fix Information Exposure?

Upgrade octavia to version 2.0.3, 3.0.2 or higher.

[,2.0.3) [3.0.0.0b1,3.0.2)

Improper Certificate Validation

octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack.

Affected versions of this package are vulnerable to Improper Certificate Validation. This allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.

How to fix Improper Certificate Validation?

Upgrade octavia to version 2.1.2, 3.2.0, 4.1.0 or higher.

[0.10.0,2.1.2) [3.0.0,3.2.0) [4.0.0,4.1.0)

Go back to all versions of this package

octavia@1.0.0.0b1 vulnerabilities

OpenStack Octavia Scalable Load Balancer as a Service

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities