OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/magnum/+bug/1620536 | Broken Link Issue Tracking Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=998182 | Issue Tracking Patch Third Party Advisory |
https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22 | Patch Third Party Advisory |
https://www.securityfocus.com/bid/98467 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2019-06-21 14:15
Updated : 2024-02-28 17:08
NVD link : CVE-2016-7404
Mitre link : CVE-2016-7404
CVE.ORG link : CVE-2016-7404
JSON object : View
Products Affected
openstack
- magnum
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor