Lucene search
Redhat.comRH:CVE-2024-29156HistoryMar 19, 2024 - 6:20 a.m.
CVE-2024-29156
2024-03-1906:20:33
redhat.com
access.redhat.com
14
openstack
murano
vulnerability
sensitive information
unauthorized access
privilege escalation
administrator
control
oslo configuration storage
credentials
A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account credentials, potentially escalating their privileges to an administrator level. Subsequently, unauthorized users can gain complete control over various resources, including user roles, hosts, and networks. The exploit allows access to the Murano service’s oslo configuration storage, thereby exposing critical Murano service account credentials, and granting unauthorized users administrative privileges.
Related
nvd
nvd
CVE-2024-29156
2024-03-18 07:15:05
nessus
nessus
ubuntucve
ubuntucve
CVE-2024-29156
2024-03-18 00:00:00
redhat
redhat
github
github
Information leakage in YAQL
2024-03-18 09:30:30
cvelist
cvelist
CVE-2024-29156
2024-03-18 00:00:00
debiancve
debiancve
CVE-2024-29156
2024-03-18 07:15:05
osv
osv
Information leakage in YAQL
2024-03-18 09:30:30
veracode
veracode
Information Disclosure
2024-04-04 06:31:48
cve
cve
CVE-2024-29156
2024-03-18 07:15:05