Products
Red Hat OpenStack platform
Red Hat OpenStack
Source
secalert@redhat.com
Tags
CVE-2024-4437 details
Published : May 8, 2024, 9:15 a.m.
Last Modified : May 8, 2024, 1:15 p.m.
Last Modified : May 8, 2024, 1:15 p.m.
Description
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.5 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
URL | Source |
---|---|
https://access.redhat.com/security/cve/CVE-2024-4437 | secalert@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=2279361 | secalert@redhat.com |
This website uses the NVD API, but is not approved or certified by it.