CRITICAL🇵🇱 Wersja polska

CVE-2024-28718

CVSS 9.8v3.1pub. 2024-04-12upd. 2025-06-17

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-367 (Time-of-check Time-of-use, TOCTOU) is located in the cert_manager.py component responsible for certificate management in OpenStack Magnum. The flaw results from a race condition between the moment of object state verification and its actual use, allowing an attacker to manipulate the code execution flow. An attacker can invoke the vulnerable component remotely without needing any credentials, which corresponds to the attack vector AV:N/AC:L/PR:N/UI:N.

Impact

Successful exploitation of the vulnerability allows an attacker to execute arbitrary code remotely (RCE) on the server hosting the OpenStack Magnum service, which may lead to complete system takeover, disclosure of sensitive data, and compromise of the integrity and availability of the environment.

Mitigation & patch

Apply patches available from the vendor according to the references — fix available through code review at https://review.opendev.org/c/openstack/magnum/+/907305. It is recommended to update the OpenStack Magnum environment as soon as possible and monitor the activity of the cert_manager.py component until the patch is deployed.

Who is affected

OpenStack Magnum in yoga-eom version

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openstack Magnum

    APP
    Openstack
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2016-7404CRITICAL9.8ten sam produkt

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these shou...

CVE-2026-28370CRITICAL9.1PL ✓ten sam vendor

RCE w OpenStack Vitrage — wykonanie kodu przez parser zapytań API

CVE-2021-38598CRITICAL9.1ten sam vendor

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the...

CVE-2020-26943CRITICAL9.9ten sam vendor

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access...

CVE-2013-2166CRITICAL9.8ten sam vendor

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass