CVE-2016-7404

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7404
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7404.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7404
Aliases
Related
Published
2019-06-21T14:15:10Z
Modified
2024-11-21T02:57:55Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

References

Affected packages

Debian:11 / magnum

Package

Name
magnum
Purl
pkg:deb/debian/magnum?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.1-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / magnum

Package

Name
magnum
Purl
pkg:deb/debian/magnum?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.1-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / magnum

Package

Name
magnum
Purl
pkg:deb/debian/magnum?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.1-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}