PT-2019-7842 · Openstack · Openstack Magnum
Johannes Grassler
·
Publicado
2017-05-10
·
Atualizado
2022-05-24
·
CVE-2016-7404
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenStack Magnum (affected versions not specified)
Description
The issue allows full API access, enabling any API operation the user is authorized to perform, as OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. These credentials are intended for retrieving the instances' SSL certificates but can be exploited for broader access.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openstack Magnum