UBUNTU-CVE-2016-7404

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-7404

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7404.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-7404

Related

CVE-2016-7404

Published

2019-06-21T14:15:00Z

Modified

2025-01-13T10:21:16Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

References

Affected packages

Ubuntu:Pro:16.04:LTS / magnum

Package

Name: magnum
Purl: pkg:deb/ubuntu/magnum@2.0.0-4ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.0~b1-5

2.*

2.0.0-4ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}