Описание
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.
Ссылки
- Broken LinkIssue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkIssue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openstack:magnum:-:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02859
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 6 лет назад
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.
CVSS3: 9.8
debian
больше 6 лет назад
OpenStack Magnum passes OpenStack credentials into the Heat templates ...
EPSS
Процентиль: 86%
0.02859
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-200