Skip to main content

Murano

2 CVEs product

Monthly

CVE-2024-29156 PyPI MEDIUM PATCH This Month

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Murano Yaql
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2016-4972 PyPI CRITICAL PATCH Act Now

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Mitaka Murano Murano Murano Dashboard +1
NVD
CVSS 3.0
9.8
EPSS
3.9%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Murano Yaql
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Mitaka Murano +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy