Medium severity4.7NVD Advisory· Published Sep 10, 2018· Updated Jun 17, 2026

CVE-2018-14620

Description

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Red Hat/openstack-rabbitmq-containerllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 12, 13, 14
Red Hat/openstack-containersllm-fuzzy

Patches

Vulnerability mechanics

References

access.redhat.com/errata/RHSA-2018:2721nvdVendor Advisory
access.redhat.com/errata/RHSA-2018:2729nvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.306
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000