OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack · CVE-2024-28718 · GitHub Advisory Database · GitHub

OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack

Moderate severity GitHub Reviewed Published Apr 12, 2024 to the GitHub Advisory Database • Updated Apr 12, 2024

Package

magnum (pip)

Affected versions

< 14.1.2

>= 17.0.0.0rc1, < 17.0.2

>= 16.0.0.0rc1, < 16.0.2

>= 15.0.0.0rc1, < 15.0.2

Patched versions

14.1.2

17.0.2

16.0.2

15.0.2

Description

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

References

Published by the National Vulnerability Database

Apr 12, 2024

Published to the GitHub Advisory Database Apr 12, 2024

Reviewed Apr 12, 2024

Last updated Apr 12, 2024

Severity

Moderate

6.3

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N