REDHAT-BUG-2269112
First published: Tue Mar 12 2024(Updated: )
The Sangfor Security Research Team has identified a critical security vulnerability in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorised users can obtain Murano service account credentials, potentially escalating their privileges to an administrator level. Subsequently, unauthorised users can gain complete control over various resources, including user roles, hosts, and networks. The exploit allows access to Murano service's oslo configuration storage, thereby exposing critical Murano service account credentials, granting unauthorised users administrative privileges.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Mitaka-Murano |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270037
- https://launchpad.net/bugs/2048114
- https://opendev.org/openstack/murano/tags
- https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3
- https://wiki.openstack.org/wiki/OSSN/OSSN-0093
- https://access.redhat.com/errata/RHSA-2024:1931
- https://access.redhat.com/errata/RHSA-2024:1930
- https://access.redhat.com/errata/RHSA-2024:4053
- https://bugzilla.redhat.com/show_bug.cgi?id=2269112
Frequently Asked Questions
What is the severity of REDHAT-BUG-2269112?
REDHAT-BUG-2269112 is classified as a critical security vulnerability.
How do I fix REDHAT-BUG-2269112?
To address REDHAT-BUG-2269112, update your OpenStack Murano component to the latest patched version.
What type of information can be accessed due to REDHAT-BUG-2269112?
REDHAT-BUG-2269112 allows unauthorized access to sensitive information within OpenStack services.
Which version of OpenStack is affected by REDHAT-BUG-2269112?
The vulnerability impacts OpenStack Murano, specifically versions up to and including Mitaka.
Who is affected by REDHAT-BUG-2269112?
Ordinary users who can import and deploy app packages in OpenStack are affected by REDHAT-BUG-2269112.
- agent/severity
- agent/first-publish-date
- agent/type
- agent/description
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-29156
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openstack
- canonical/openstack mitaka-murano