CVE-2016-7404
CRITICAL
OpenStack Magnum - Exposure of Sensitive Information via Heat Template Credential Handling
Title source: llm
Description
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they nevertheless allow full API access and can be used to perform any API operation the user is authorized to perform.
References (4)
Core References
Broken Link, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/magnum/+bug/1620536
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=998182
Third Party Advisory, VDB Entry x_refsource_misc
https://www.securityfocus.com/bid/98467
Patch, Third Party Advisory x_refsource_confirm
https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22
Scores
CVSS v3
9.8
EPSS
0.0033
EPSS Percentile
56.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (2)
openstack/magnum
pypi/openstack-magnum
0 - 5.0.0 (PyPI)
Published
Jun 21, 2019
Tracked Since
Feb 18, 2026