CRITICAL🇵🇱 Wersja polska

CVE-2016-7404

CVSS 9.8v3.0pub. 2019-06-21upd. 2024-11-21

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openstack Magnum

    APP
    Openstack
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-28718CRITICAL9.8PL ✓ten sam produkt

RCE w OpenStack Magnum — podatność w komponencie cert_manager.py

CVE-2026-28370CRITICAL9.1PL ✓ten sam vendor

RCE w OpenStack Vitrage — wykonanie kodu przez parser zapytań API

CVE-2021-38598CRITICAL9.1ten sam vendor

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the...

CVE-2020-26943CRITICAL9.9ten sam vendor

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access...

CVE-2013-2166CRITICAL9.8ten sam vendor

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass