2 matches found
CVE-2016-7404
CVE-2016-7404 affects OpenStack Magnum where credentials are passed into Heat templates for instance creation. The underlying issue is that these credentials, intended for SSL certificate retrieval, can be exploited to perform any API operation the user is authorized to perform, enabling full API...
CVE-2024-28718
CVE-2024-28718 affects the OpenStack Magnum yoga-eom release. A vulnerability in the cert_manager.py component allows a remote attacker to execute arbitrary code, described as a remote code execution issue. Multiple connected sources characterize this as a high-severity flaw (CVSS v3.1: 9.8, Netw...