OSSN-0093: [OpenStack Murano] Unsafe Environment Handling in MuranoPL

OSSN-0093: [OpenStack Murano] Unsafe Environment Handling in MuranoPL

Open Source Security [[{„value“:“

Posted by Jeremy Stanley on Mar 14

OSSN-0093
Unsafe Environment Handling in MuranoPL

### Summary ###
The Murano service’s MuranoPL extension to the YAQL language fails
to sanitize the supplied environment, leading to potential leakage
of sensitive service account information. Murano is an inactive
project[*], so no fix is currently under development for this
vulnerability. It is strongly recommended that any OpenStack
deployments disable or fully remove Murano, if installed,…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert