OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpenstack Magnum
APPOpenstackwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2024-28718CRITICAL9.8PL ✓ten sam produkt
RCE w OpenStack Magnum — podatność w komponencie cert_manager.py
CVE-2026-28370CRITICAL9.1PL ✓ten sam vendor
RCE w OpenStack Vitrage — wykonanie kodu przez parser zapytań API
CVE-2021-38598CRITICAL9.1ten sam vendor
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the...
CVE-2020-26943CRITICAL9.9ten sam vendor
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access...
CVE-2013-2166CRITICAL9.8ten sam vendor
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass