CVE-2016-7404
OpenStack Magnum Unsafe Credential Handling
9.8
CRITICAL
CVSS 3.1
EPSS 0.33%
Description
OpenStack Magnum passes OpenStack credentials into the Heat templates that create its instances. Although these credentials should only be used for retrieving the instances' SSL certificates, they allow full API access and can be used to perform any API operation the user is authorized to perform.
How to fix CVE-2016-7404
To remediate CVE-2016-7404, upgrade the affected package to one of the fixed versions below.
- Upgrade to 3.1.1-5 or later
- Upgrade to 5.0.0 or later
Is CVE-2016-7404 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.1.1-5
- from 0, < 5.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |