Launchpad.net

CVE 2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

Related bugs and status

CVE-2016-7404 (Candidate) is related to these bugs:

Bug #1706318: [SRU] magnum 4.1.3

		In	Importance	Status
1706318	[SRU] magnum 4.1.3	Ubuntu Cloud Archive	Medium	Fix Released
1706318	[SRU] magnum 4.1.3	Ubuntu Cloud Archive pike	Medium	Fix Released
1706318	[SRU] magnum 4.1.3	Ubuntu Cloud Archive ocata	Medium	Fix Released
1706318	[SRU] magnum 4.1.3	magnum (Ubuntu)	Medium	Fix Released
1706318	[SRU] magnum 4.1.3	magnum (Ubuntu Zesty)	Medium	Fix Committed
1706318	[SRU] magnum 4.1.3	magnum (Ubuntu Artful)	Medium	Fix Released

Bug #1996237: add cluster_user_trust option in magnum.conf

		In	Importance	Status
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm	High	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm victoria	Undecided	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm 2023.1	Undecided	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm yoga	Undecided	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm ussuri	Undecided	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm xena	Undecided	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm zed	Undecided	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Magnum Charm wallaby	Undecided	Fix Committed
1996237	add cluster_user_trust option in magnum.conf	OpenStack Charm Guide	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-7404

Related bugs and status

Related bugs

References