CVE-2024-28718: OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.
References
- bugs.launchpad.net/magnum/+bug/2047690
- gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
- github.com/advisories/GHSA-jx7x-9r98-h5xr
- github.com/openstack/magnum
- github.com/openstack/magnum/commit/272fd686d8c8bf5954e9e7d3bc991ff27e46184d
- github.com/openstack/magnum/commit/312aa6a86ac8e62f6ed4f1e9473fdabbbb7a4b1e
- github.com/openstack/magnum/commit/883b40b5b0ecfc5f78758143c0d3c754458f12b7
- github.com/openstack/magnum/commit/e79907c521149872c1b495355a3a7b3a0c7e3479
- nvd.nist.gov/vuln/detail/CVE-2024-28718
- review.opendev.org/c/openstack/magnum/+/907305
Code Behaviors & Features
Detect and mitigate CVE-2024-28718 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →