CVE-2016-7404 openstack-magnum

Package

Manager: pip
Name: openstack-magnum
Vulnerable Version: >=0 <5.0.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02859 (percentile: 0.85732)

Details

OpenStack Magnum Unsafe Credential Handling

OpenStack Magnum passes OpenStack credentials into the Heat templates that create its instances. While these credentials should only be used for retrieving the instances' SSL certificates, they allow full API access and can be used to perform any API operation the user is authorized to perform.

Metadata

Created: 2022-05-24T16:48:34Z
Modified: 2023-07-27T23:20:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-793v-r35j-9rp9/GHSA-793v-r35j-9rp9.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-793v-r35j-9rp9
Finding: F017
Auto approve: 1