Vulnerability Description
OpenStack Magnum passes OpenStack credentials into the Heat templates that create its instances. While these credentials should only be used for retrieving the instances' SSL certificates, they allow full API access and can be used to perform any API operation the user is authorized to perform.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenStack | Magnum | - |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/magnum/+bug/1620536 (Broken Link, Issue Tracking, Third Party Advisory)
- https://bugzilla.suse.com/show_bug.cgi?id=998182 (Issue Tracking, Patch, Third Party Advisory)
- https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e0 (Patch, Third Party Advisory)
- https://www.securityfocus.com/bid/98467 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-7404?
CVE-2016-7404 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access...
How severe is CVE-2016-7404?
CVE-2016-7404 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-7404?
Check the references section above for vendor advisories and patch information. Affected products include: OpenStack Magnum.