Multiple potential vulnerabilities were found in openstack-magnum.
* Permissions for /etc/sysconfig/heat-params inside Magnum created instances were 0755
* The cluster's Keystone trust id was passed into instances for clusters where it was not needed.
* Clusters that need trust_id to be passed into instances to work could be created.
Fixed in magnum 3.2.0- https://docs.openstack.org/releasenotes/magnum/newton.html
Created openstack-magnum tracking bugs for this issue:
Affects: openstack-rdo [bug 1455030]