Home > Vulnerability Database > CVE-2024-29156

Mend.io Vulnerability Database

CVE-2024-29156

Good to know:

Date: March 18, 2024

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.

Language: Python

Severity Score

7.5

Related Resources (6)

Url: https://opendev.org/openstack/murano/tags

Url: https://launchpad.net/bugs/2048114

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29156

Url: https://wiki.openstack.org/wiki/OSSN/OSSN-0093

Url: https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3

Url: https://www.mend.io/vulnerability-database/CVE-2024-29156

Severity Score

7.5

Top Fix

Upgrade Version

Upgrade to version yaql - 3.0.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29156

Good to know:

Date: March 18, 2024

Language: Python

Severity Score

Related Resources (6)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?