CVE-2024-4437

May 8, 2024, 1:15 p.m.

7.5
High

Description

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.

Product(s) Impacted

Product Versions
Red Hat OpenStack platform
Red Hat OpenStack

Weaknesses

References

https://access.redhat.com/security/cve/CVE-2024-4437
https://bugzilla.redhat.com/show_bug.cgi?id=2279361

Tags

secalert@redhat.com
CWE-400
2024-05-08
CVE-2024-4437

CVSS Score

7.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Date

  • Published: May 8, 2024, 9:15 a.m.
  • Last Modified: May 8, 2024, 1:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.