In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-18T00:00:00

Updated: 2024-08-02T01:10:53.909Z

Reserved: 2024-03-18T00:00:00

Link: CVE-2024-29156

cve-icon Vulnrichment

Updated: 2024-08-02T01:10:53.909Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-18T07:15:05.880

Modified: 2024-11-21T09:07:40.423

Link: CVE-2024-29156

cve-icon Redhat

Severity : Important

Publid Date: 2024-03-14T00:00:00Z

Links: CVE-2024-29156 - Bugzilla