← Back

Magnum

magnum

Vendor: Openstack • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-28718
1Openstack
1Magnum
Jun 17, 2025
Apr 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.
CVE-2016-7404
1Openstack
1Magnum
Nov 21, 2024
Jun 21, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be...Show more
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.Show less