CVE-2016-7404

Published: Jun 21, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

Affected (1)

Products: Openstack: Magnum

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Magnum	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://bugs.launchpad.net/magnum/+bug/1620536

Source: cve@mitre.org

Broken LinkIssue TrackingThird Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=998182

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22

Source: cve@mitre.org

PatchThird Party Advisory

https://www.securityfocus.com/bid/98467

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/magnum/+bug/1620536

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkIssue TrackingThird Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=998182

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.securityfocus.com/bid/98467

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.