Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-29156HistoryMar 18, 2024 - 7:15 a.m.
CVE-2024-29156
2024-03-1807:15:05
Debian Security Bug Tracker
security-tracker.debian.org
6
openstack
murano
yaql
sensitive information
leakage
service account
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service’s MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | murano | <= 1:14.0.0-3 | murano_1:14.0.0-3_all.deb |
| Debian | 11 | all | murano | <= 1:10.0.0-1 | murano_1:10.0.0-1_all.deb |
Related
nvd
nvd
CVE-2024-29156
2024-03-18 07:15:05
nessus
nessus
ubuntucve
ubuntucve
CVE-2024-29156
2024-03-18 00:00:00
redhat
redhat
redhatcve
redhatcve
CVE-2024-29156
2024-03-19 06:20:33
github
github
Information leakage in YAQL
2024-03-18 09:30:30
cvelist
cvelist
CVE-2024-29156
2024-03-18 00:00:00
osv
osv
Information leakage in YAQL
2024-03-18 09:30:30
veracode
veracode
Information Disclosure
2024-04-04 06:31:48
cve
cve
CVE-2024-29156
2024-03-18 07:15:05
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.8%
Related for DEBIANCVE:CVE-2024-29156