CVE 2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.
Related bugs and status
CVE-2016-7404 (Candidate) is related to these bugs:
Bug #1706318: [SRU] magnum 4.1.3
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1706318 | [SRU] magnum 4.1.3 | Ubuntu Cloud Archive | Medium | Fix Released | ||
1706318 | [SRU] magnum 4.1.3 | Ubuntu Cloud Archive pike | Medium | Fix Released | ||
1706318 | [SRU] magnum 4.1.3 | Ubuntu Cloud Archive ocata | Medium | Fix Released | ||
1706318 | [SRU] magnum 4.1.3 | magnum (Ubuntu) | Medium | Fix Released | ||
1706318 | [SRU] magnum 4.1.3 | magnum (Ubuntu Zesty) | Medium | Fix Committed | ||
1706318 | [SRU] magnum 4.1.3 | magnum (Ubuntu Artful) | Medium | Fix Released |
Bug #1996237: add cluster_user_trust option in magnum.conf
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm | High | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm victoria | Undecided | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm 2023.1 | Undecided | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm yoga | Undecided | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm ussuri | Undecided | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm xena | Undecided | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm zed | Undecided | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Magnum Charm wallaby | Undecided | Fix Committed | ||
1996237 | add cluster_user_trust option in magnum.conf | OpenStack Charm Guide | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.