VDB

CVE-2024-4437

CVE-2024-4437 PUBLISHED

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.

EPSS 0.06% · 18.8th percentile

Risk Scores

EPSS Score
0.06%
18.8th percentile

Affected Products

VendorProductVersions
3.3.23
Red HatRed Hat OpenStack Platform 16.20:3.3.23-16.el8ost
Red HatRed Hat OpenStack Platform 17.1
Red HatRed Hat OpenStack Platform 16.10:3.3.23-16.el8ost
Red HatRed Hat OpenStack Platform 18.0

Timeline

  • May 8, 2024 CVE Published
  • May 9, 2024 EPSS Score
  • Jun 2, 2024 EPSS Score
  • Jun 27, 2024 EPSS Score
  • Jul 21, 2024 EPSS Score
  • Aug 14, 2024 EPSS Score
  • Sep 8, 2024 EPSS Score
  • Oct 2, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 26, 2024 EPSS Score
  • Nov 19, 2024 EPSS Score
  • Dec 14, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›