Openstack · Openstack Magnum · CVE-2016-7404
**Name of the Vulnerable Software and Affected Versions**
OpenStack Magnum (affected versions not specified)
**Description**
The issue allows full API access, enabling any API operation the user is authorized to perform, as OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. These credentials are intended for retrieving the instances' SSL certificates but can be exploited for broader access.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.