GHSA-jx7x-9r98-h5xr

Source
https://github.com/advisories/GHSA-jx7x-9r98-h5xr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-jx7x-9r98-h5xr/GHSA-jx7x-9r98-h5xr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jx7x-9r98-h5xr
Aliases
  • CVE-2024-28718
Published
2024-04-12T15:37:19Z
Modified
2024-04-12T21:42:04.006590Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Details

An issue in the OpenStack magnum yoga-eom release allows a remote attacker to execute arbitrary code via the cert_manager.py component. Note that the CVSS 3.1 vector listed above (AV:L, AC:H, PR:L) describes a local, low-privileged attacker racing a hard-to-win window, which does not match the "remote attacker" wording of the description; treat the vector, not the prose, as the severity basis until the advisory is corrected.

Database specific
{
    "nvd_published_at": "2024-04-12T13:15:15Z",
    "cwe_ids": [
        "CWE-367"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-12T21:21:50Z"
}
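The advisory names cert_manager.py and classifies the bug as CWE-367 (time-of-check to time-of-use) but does not describe the faulty code path. The block below is an added example, not magnum's code, showing the general check-then-use pattern behind CWE-367 when a service writes client certificate or key material to disk by path, beside a version that creates the file atomically with O_CREAT|O_EXCL and a restrictive mode. The functions write_key_racy, write_key_safe and demo, the between hook that makes the race window deterministic, and the key bytes are all constructed for the demonstration.

```python
import os
import stat
import tempfile

# Constructed sample key material for the demo; not a real key.
SAMPLE_KEY = (
    b"-----BEGIN PRIVATE KEY-----\n"
    b"CONSTRUCTED-DEMO-KEY-NOT-REAL\n"
    b"-----END PRIVATE KEY-----\n"
)


def write_key_racy(path, data, between=lambda: None):
    """CWE-367 shape: check the path by name, then open it by name later.

    `between` is a hypothetical hook that stands in for the race window;
    a real attacker simply wins a timing race against the service.
    """
    if os.path.lexists(path):          # time of check
        os.remove(path)
    between()                          # window: attacker plants a symlink here
    with open(path, "wb") as f:        # time of use: follows wherever `path` now points
        f.write(data)
    os.chmod(path, 0o600)              # chmod by name, also follows the symlink
    return path


def write_key_safe(path, data):
    """Create the file atomically.

    O_CREAT|O_EXCL fails with EEXIST if anything already sits at `path`,
    including a symlink (regardless of its target), so there is no window
    between "does it exist" and "create it". The mode is applied at creation
    and re-applied with fchmod on the descriptor so a permissive umask cannot
    leave the key readable by others, even briefly.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def demo():
    """Run both writers against a planted symlink.

    Returns (racy_overwrote_victim, safe_refused_symlink, safe_file_mode).
    """
    with tempfile.TemporaryDirectory() as d:
        # An unrelated file the attacker wants clobbered with key material.
        victim = os.path.join(d, "victim.txt")
        with open(victim, "wb") as f:
            f.write(b"original contents")

        # Racy writer: the symlink appears between the check and the open.
        target = os.path.join(d, "client.key")
        write_key_racy(target, SAMPLE_KEY, between=lambda: os.symlink(victim, target))
        with open(victim, "rb") as f:
            racy_overwrote = f.read() == SAMPLE_KEY

        # Safe writer against a pre-planted symlink: must refuse.
        target2 = os.path.join(d, "client2.key")
        os.symlink(victim, target2)
        try:
            write_key_safe(target2, SAMPLE_KEY)
            safe_refused = False
        except FileExistsError:
            safe_refused = True

        # Safe writer on a clean path: file exists with mode 0600.
        target3 = os.path.join(d, "client3.key")
        write_key_safe(target3, SAMPLE_KEY)
        mode = stat.S_IMODE(os.stat(target3).st_mode)

        return racy_overwrote, safe_refused, mode


if __name__ == "__main__":
    print(demo())
```

When auditing a fix for this class of bug, check for three things: the file is opened with O_EXCL (or via tempfile.mkstemp, which does the same), permissions are set on the descriptor rather than by path, and the parent directory is private (for example tempfile.mkdtemp, mode 0700), since in a shared directory an attacker who cannot win the race can still pre-create the name and turn the hardened path into a denial of service.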
References

Affected packages

PyPI / magnum

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
14.1.2

Affected versions

5.*

5.0.2

6.*

6.3.0

7.*

7.0.1
7.0.2
7.1.0
7.2.0

8.*

8.0.0.0rc1
8.0.0.0rc2
8.0.0
8.1.0
8.2.0
8.2.1

9.*

9.0.0.0rc1
9.0.0.0rc2
9.0.0
9.1.0
9.2.0
9.3.0
9.4.0
9.4.1

10.*

10.0.0.0rc1
10.0.0.0rc2
10.0.0
10.1.0

11.*

11.0.0.0rc1
11.0.0
11.1.0
11.1.1
11.2.0
11.2.1

12.*

12.0.0.0rc1
12.0.0.0rc2
12.0.0
12.1.0
12.1.1

13.*

13.0.0.0rc1
13.0.0
13.1.0
13.1.1

14.*

14.0.0.0rc1
14.0.0.0rc2
14.0.0
14.1.0
14.1.1

PyPI / magnum

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
17.0.0.0rc1
Fixed
17.0.2

Affected versions

17.*

17.0.0.0rc1
17.0.0
17.0.1

PyPI / magnum

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16.0.0.0rc1
Fixed
16.0.2

Affected versions

16.*

16.0.0.0rc1
16.0.0
16.0.1

PyPI / magnum

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15.0.0.0rc1
Fixed
15.0.2

Affected versions

15.*

15.0.0.0rc1
15.0.0.0rc2
15.0.0
15.0.1