Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

Published

2019-06-21T14:15:10.430

Last Modified

2024-11-21T02:57:55.860

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openstack	magnum	-	Yes

References

https://bugs.launchpad.net/magnum/+bug/1620536 Broken Link, Issue Tracking, Third Party Advisory ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=998182 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22 Patch, Third Party Advisory ([email protected])
https://www.securityfocus.com/bid/98467 Third Party Advisory, VDB Entry ([email protected])
https://bugs.launchpad.net/magnum/+bug/1620536 Broken Link, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=998182 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.securityfocus.com/bid/98467 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)