Moderate severity · NVD Advisory · Published Mar 18, 2024 · Updated Mar 25, 2025
CVE-2024-29156
Description
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| yaql (PyPI) | < 3.0.0 | 3.0.0 |
Affected products
- OpenStack/Murano
References
- github.com/advisories/GHSA-mvf6-hwxh-7v76 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-29156 (ghsa, ADVISORY)
- bugs.launchpad.net/murano/+bug/2048114 (ghsa, WEB)
- launchpad.net/bugs/2048114 (ghsa, WEB)
- opendev.org/openstack/murano/tags (ghsa, WEB)
- opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3 (ghsa, WEB)
- wiki.openstack.org/wiki/OSSN/OSSN-0093 (ghsa, WEB)