CVE-2016-7404

Priority
Description
OpenStack Magnum passes OpenStack credentials into the Heat templates
creating its instances. While these should just be used for retrieving the
instances' SSL certificates, they allow full API access, though and can be
used to perform any API operation the user is authorized to perform.
Notes
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.1.1-5)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.1.1-5)
Ubuntu 20.04 (Focal Fossa):not-affected (3.1.1-5)
Patches:
Upstream:https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
More Information

Updated: 2020-04-24 03:33:32 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)