Homepage

octavia@2.0.0.0rc2 vulnerabilities

OpenStack Octavia Scalable Load Balancer as a Service

  • latest version

    15.0.0

  • latest non vulnerable version

    15.0.0

  • first published

    9 years ago

  • latest version published

    2 months ago

  • licenses detected

  • View octavia package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the octavia package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack.

    Affected versions of this package are vulnerable to Information Exposure due to log files that may expose sensitive information such as private keys.

    How to fix Information Exposure?

    Upgrade octavia to version 2.0.3, 3.0.2 or higher.

    [,2.0.3)[3.0.0.0b1,3.0.2)
    • M
    Improper Certificate Validation

    octavia is an operator-grade reference implementation for Load Balancing as a Service (LBaaS) for OpenStack.

    Affected versions of this package are vulnerable to Improper Certificate Validation. This allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.

    How to fix Improper Certificate Validation?

    Upgrade octavia to version 2.1.2, 3.2.0, 4.1.0 or higher.

    [0.10.0,2.1.2)[3.0.0,3.2.0)[4.0.0,4.1.0)
    Go back to all versions of this package