cvedb.io
CVE-2018-14620
MEDIUM · CVSS 4.7
EPSS exploitation probability: 0%
Published 2018-09-10T19:29:00.190 · Last modified 2026-06-17T01:41:18.390

Summary

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.

Affected products

redhat — openstack

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.