← Back

CVE-2024-29156

nvd nist
Published: Mar 18, 2024Modified: Mar 25, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.

Affected (2)

Products: Openstack: Murano, Yaql
Openstack
2 products
Murano
Yaql
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Murano
Up to 16.0.0
Yaql
Before 3.0.0

Related CWEs

CWE-116
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (8)

Source: cve@mitre.org
Issue TrackingThird Party Advisory
Source: cve@mitre.org
Issue Tracking
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.