This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions within "_extract_amp_image_id_by_tag" in "octavia/compute/drivers/nova_driver.py" that does not filter images and used images owned by pre-defined tenant. A remote non-privileged user can tag an image with the 'amphora' tag and set it to "public=true" to gain unauthorized access to lb-mgmt network.Mitigation
Install updates from vendor's website.Vulnerable software versions
Octavia: 0.8.0 - 0.8.1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?