Vulnerability DatabaseCVE-2024-28718
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-28718
April 12, 2024
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.
Affected Packages
magnum (PYTHON):
Affected version(s) >=0.1 <14.1.2
Fix Suggestion:
Update to version 14.1.2
magnum (PYTHON):
Affected version(s) >=16.0.0.0rc1 <16.0.2
Fix Suggestion:
Update to version 16.0.2
magnum (PYTHON):
Affected version(s) >=17.0.0.0rc1 <17.0.2
Fix Suggestion:
Update to version 17.0.2
magnum (PYTHON):
Affected version(s) >=15.0.0.0rc1 <15.0.2
Fix Suggestion:
Update to version 15.0.2
Related Resources (9)
https://github.com/openstack/magnum/commit/312aa6a86ac8e62f6ed4f1e9473fdabbbb7a4b1e
https://github.com/openstack/magnum/commit/272fd686d8c8bf5954e9e7d3bc991ff27e46184d
https://review.opendev.org/c/openstack/magnum/+/907305
https://github.com/openstack/magnum/commit/883b40b5b0ecfc5f78758143c0d3c754458f12b7
https://nvd.nist.gov/vuln/detail/CVE-2024-28718
https://github.com/openstack/magnum
https://github.com/openstack/magnum/commit/e79907c521149872c1b495355a3a7b3a0c7e3479
https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
https://bugs.launchpad.net/magnum/+bug/2047690
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-367
EPSS
Base Score:
1.18