GHSA-jx7x-9r98-h5xr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jx7x-9r98-h5xr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-jx7x-9r98-h5xr/GHSA-jx7x-9r98-h5xr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jx7x-9r98-h5xr
- Aliases
-
- CVE-2024-28718
- Published
- 2024-04-12T15:37:19Z
- Modified
- 2024-04-12T21:41:54.428919Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
- Details
-
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-367" ], "nvd_published_at": "2024-04-12T13:15:15Z", "github_reviewed_at": "2024-04-12T21:21:50Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-28718
- https://github.com/openstack/magnum/commit/272fd686d8c8bf5954e9e7d3bc991ff27e46184d
- https://github.com/openstack/magnum/commit/312aa6a86ac8e62f6ed4f1e9473fdabbbb7a4b1e
- https://github.com/openstack/magnum/commit/883b40b5b0ecfc5f78758143c0d3c754458f12b7
- https://github.com/openstack/magnum/commit/e79907c521149872c1b495355a3a7b3a0c7e3479
- https://bugs.launchpad.net/magnum/+bug/2047690
- https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
- https://github.com/openstack/magnum
- https://review.opendev.org/c/openstack/magnum/+/907305
Affected packages
PyPI / magnum
Package
- Name
- magnum
- View open source insights on deps.dev
- Purl
- pkg:pypi/magnum
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.1.2
Affected versions
5.*
5.0.2
6.*
6.3.0
7.*
7.0.1
7.0.2
7.1.0
7.2.0
8.*
8.0.0.0rc1
8.0.0.0rc2
8.0.0
8.1.0
8.2.0
8.2.1
9.*
9.0.0.0rc1
9.0.0.0rc2
9.0.0
9.1.0
9.2.0
9.3.0
9.4.0
9.4.1
10.*
10.0.0.0rc1
10.0.0.0rc2
10.0.0
10.1.0
11.*
11.0.0.0rc1
11.0.0
11.1.0
11.1.1
11.2.0
11.2.1
12.*
12.0.0.0rc1
12.0.0.0rc2
12.0.0
12.1.0
12.1.1
13.*
13.0.0.0rc1
13.0.0
13.1.0
13.1.1
14.*
14.0.0.0rc1
14.0.0.0rc2
14.0.0
14.1.0
14.1.1
PyPI / magnum
Package
- Name
- magnum
- View open source insights on deps.dev
- Purl
- pkg:pypi/magnum
PyPI / magnum
Package
- Name
- magnum
- View open source insights on deps.dev
- Purl
- pkg:pypi/magnum
PyPI / magnum
Package
- Name
- magnum
- View open source insights on deps.dev
- Purl
- pkg:pypi/magnum