Multiple potential vulnerabilities were found in openstack-magnum. * Permissions for /etc/sysconfig/heat-params inside Magnum created instances were 0755 * The cluster's Keystone trust id was passed into instances for clusters where it was not needed. * Clusters that need trust_id to be passed into instances to work could be created. Upstream patch: https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
Fixed in magnum 3.2.0- https://docs.openstack.org/releasenotes/magnum/newton.html
Created openstack-magnum tracking bugs for this issue: Affects: openstack-rdo [bug 1455030]