Candidate: CVE-2016-7404
PublicDate: 2019-06-21 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7404
 https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
Description:
 OpenStack Magnum passes OpenStack credentials into the Heat templates
 creating its instances. While these should just be used for retrieving the
 instances' SSL certificates, they allow full API access, though and can be
 used to perform any API operation the user is authorized to perform.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_magnum:
 upstream: https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
upstream_magnum: needed
precise/esm_magnum: DNE
trusty_magnum: DNE
trusty/esm_magnum: DNE
vivid/stable-phone-overlay_magnum: DNE
vivid/ubuntu-core_magnum: DNE
xenial_magnum: ignored (end of standard support, was needed)
yakkety_magnum: ignored (reached end-of-life)
zesty_magnum: ignored (reached end-of-life)
artful_magnum: ignored (reached end-of-life)
bionic_magnum: not-affected (3.1.1-5)
cosmic_magnum: not-affected (3.1.1-5)
disco_magnum: not-affected (3.1.1-5)
eoan_magnum: not-affected (3.1.1-5)
focal_magnum: not-affected (3.1.1-5)
groovy_magnum: not-affected (3.1.1-5)
hirsute_magnum: not-affected (3.1.1-5)
impish_magnum: not-affected (3.1.1-5)
jammy_magnum: not-affected (3.1.1-5)
devel_magnum: not-affected (3.1.1-5)