Vulnerabilites related to openstack - murano
cve-2024-29156
Vulnerability from cvelistv5
Published
2024-03-18 00:00
Modified
2025-03-25 20:07
Severity ?
EPSS score ?
Summary
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-29156", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-18T19:16:54.949618Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-116", description: "CWE-116 Improper Encoding or Escaping of Output", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T20:07:53.472Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:10:53.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://wiki.openstack.org/wiki/OSSN/OSSN-0093", }, { tags: [ "x_transferred", ], url: "https://launchpad.net/bugs/2048114", }, { tags: [ "x_transferred", ], url: "https://opendev.org/openstack/murano/tags", }, { tags: [ "x_transferred", ], url: "https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-18T06:35:36.354Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://wiki.openstack.org/wiki/OSSN/OSSN-0093", }, { url: "https://launchpad.net/bugs/2048114", }, { url: "https://opendev.org/openstack/murano/tags", }, { url: "https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-29156", datePublished: "2024-03-18T00:00:00.000Z", dateReserved: "2024-03-18T00:00:00.000Z", dateUpdated: "2025-03-25T20:07:53.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4972
Vulnerability from cvelistv5
Published
2016-09-26 16:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.launchpad.net/python-muranoclient/+bug/1586078 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/06/23/8 | mailing-list, x_refsource_MLIST | |
| https://bugs.launchpad.net/murano/+bug/1586079 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:40.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/python-muranoclient/+bug/1586078", }, { name: "[oss-security] 20160623 RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/murano/+bug/1586079", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-23T00:00:00", descriptions: [ { lang: "en", value: "OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-09-26T15:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/python-muranoclient/+bug/1586078", }, { name: "[oss-security] 20160623 RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/murano/+bug/1586079", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-4972", datePublished: "2016-09-26T16:00:00", dateReserved: "2016-05-24T00:00:00", dateUpdated: "2024-08-06T00:46:40.056Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2016-09-26 16:59
Modified
2024-11-21 02:53
Severity ?
Summary
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2016/06/23/8 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://bugs.launchpad.net/murano/+bug/1586079 | Patch, Vendor Advisory | |
| secalert@redhat.com | https://bugs.launchpad.net/python-muranoclient/+bug/1586078 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/06/23/8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/murano/+bug/1586079 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/python-muranoclient/+bug/1586078 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | mitaka-murano | * | |
| openstack | murano | * | |
| openstack | murano-dashboard | * | |
| openstack | python-muranoclient | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:mitaka-murano:*:*:*:*:*:*:*:*", matchCriteriaId: "09948388-CA9A-4191-B95A-ADBCB19CCB22", versionEndIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:murano:*:*:*:*:*:*:*:*", matchCriteriaId: "DB02CDEA-71DC-44B3-B52F-81114EAFB693", versionEndIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:murano-dashboard:*:*:*:*:*:*:*:*", matchCriteriaId: "39752097-2433-45A0-A4D9-6D828136E26B", versionEndIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:python-muranoclient:*:*:*:*:*:*:*:*", matchCriteriaId: "CCC6B065-9FB6-451F-B679-6CEAB5E2B851", versionEndIncluding: "0.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.", }, { lang: "es", value: "OpenStack Murano en versiones anteriores a 1.0.3 (liberty) y 2.x en versiones anteriores a 2.0.1 (mitaka), Murano-dashboard en versiones anteriores a 1.0.3 (liberty) y 2.x en versiones anteriores a 2.0.1 (mitaka) y python-muranoclient en versiones anteriores a 0.7.3 (liberty) y 0.8.x en versiones anteriores a 0.8.5 (mitaka) no utiliza correctamente loaders heredados de yaml.Loader cuando se analizan sintácticamente archivos MuranoPL y UI, lo que permite a atacantes remotos crear objetos Python arbitrarios y ejecutar código arbitrario a través de etiquetas YAML extendidas manipuladas en definiciones UI en paquetes.", }, ], id: "CVE-2016-4972", lastModified: "2024-11-21T02:53:20.270", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-26T16:59:01.210", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/8", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugs.launchpad.net/murano/+bug/1586079", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugs.launchpad.net/python-muranoclient/+bug/1586078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugs.launchpad.net/murano/+bug/1586079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugs.launchpad.net/python-muranoclient/+bug/1586078", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-18 07:15
Modified
2025-03-25 20:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:murano:*:*:*:*:*:*:*:*", matchCriteriaId: "EF1912AF-D90E-47E5-8964-7DB9A611E940", versionEndIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:yaql:*:*:*:*:*:*:*:*", matchCriteriaId: "A6F49D33-63BF-4762-AE0D-4435A6E60C5F", versionEndExcluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.", }, { lang: "es", value: "En OpenStack Murano hasta 16.0.0, cuando se utiliza YAQL anterior a 3.0.0, la extensión MuranoPL del servicio Murano para el lenguaje YAQL no logra sanitizar el entorno proporcionado, lo que genera una posible fuga de información confidencial de la cuenta de servicio.", }, ], id: "CVE-2024-29156", lastModified: "2025-03-25T20:15:21.533", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-18T07:15:05.880", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://launchpad.net/bugs/2048114", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://opendev.org/openstack/murano/tags", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://wiki.openstack.org/wiki/OSSN/OSSN-0093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://launchpad.net/bugs/2048114", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://opendev.org/openstack/murano/tags", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://wiki.openstack.org/wiki/OSSN/OSSN-0093", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-116", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }