Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 18/03/2024 Updated: 18/03/2024

In OpenStack Murano up to and including 16.0.0, when YAQL prior to 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.

Debian Bug report logs - #1068459 murano: CVE-2024-29156 Package: src:murano; Maintainer for src:murano is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 5 Apr 2024 14:54:11 UTC Severity: important Tags: security, upstream Forwarded to bu ...

https://wiki.openstack.org/wiki/OSSN/OSSN-0093 https://launchpad.net/bugs/2048114 https://opendev.org/openstack/murano/tags https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068459 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-29156

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect