In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-03-18T00:00:00
Updated: 2024-08-02T01:10:53.909Z
Reserved: 2024-03-18T00:00:00
Link: CVE-2024-29156
Vulnrichment
Updated: 2024-08-02T01:10:53.909Z
NVD
Status : Awaiting Analysis
Published: 2024-03-18T07:15:05.880
Modified: 2024-11-21T09:07:40.423
Link: CVE-2024-29156
Redhat