Lucene search
Ubuntu.comUB:CVE-2024-29156HistoryMar 18, 2024 - 12:00 a.m.
CVE-2024-29156
2024-03-1800:00:00
ubuntu.com
ubuntu.com
8
openstack
murano
yaql
sensitive data
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the
Murano service’s MuranoPL extension to the YAQL language fails to sanitize
the supplied environment, leading to potential leakage of sensitive service
account information.
References
bugs.launchpad.net/murano/+bug/2048114
launchpad.net/bugs/2048114
launchpad.net/bugs/cve/CVE-2024-29156
nvd.nist.gov/vuln/detail/CVE-2024-29156
opendev.org/openstack/murano/tags
opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3
opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3 (3.0.0)
security-tracker.debian.org/tracker/CVE-2024-29156
wiki.openstack.org/wiki/OSSN/OSSN-0093
www.cve.org/CVERecord?id=CVE-2024-29156
Related
redhat
redhat
nessus
nessus
nvd
nvd
CVE-2024-29156
2024-03-18 07:15:05
redhatcve
redhatcve
CVE-2024-29156
2024-03-19 06:20:33
github
github
Information leakage in YAQL
2024-03-18 09:30:30
cvelist
cvelist
CVE-2024-29156
2024-03-18 00:00:00
debiancve
debiancve
CVE-2024-29156
2024-03-18 07:15:05
osv
osv
Information leakage in YAQL
2024-03-18 09:30:30
veracode
veracode
Information Disclosure
2024-04-04 06:31:48
cve
cve
CVE-2024-29156
2024-03-18 07:15:05