Lucene search

GitHub Advisory DatabaseGHSA-87R7-Q54J-F9QG

HistoryMay 17, 2022 - 3:48 a.m.

OpenStack Murano Code Execution

2022-05-1703:48:22

CWE-20

GitHub Advisory Database

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.027 Low

EPSS

Percentile

90.6%

JSON

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

Affected configurations

Vulners

Node

pythonjw.utilRange<0.8.5python

muranodashboardRange<2.0.1

pythonjw.utilRange<0.7.3python

muranodashboardRange<1.0.3

openstackmuranoRange<1.0.3

CPENameOperatorVersion
python-muranoclientlt0.8.5
murano-dashboardlt2.0.1
python-muranoclientlt0.7.3
murano-dashboardlt1.0.3
muranolt1.0.3

Name	Operator	Version
python-muranoclient	lt	0.8.5
murano-dashboard	lt	2.0.1
python-muranoclient	lt	0.7.3
murano-dashboard	lt	1.0.3
murano	lt	1.0.3

References

www.openwall.com/lists/oss-security/2016/06/23/8

bugs.launchpad.net/murano/+bug/1586079

bugs.launchpad.net/python-muranoclient/+bug/1586078

github.com/advisories/GHSA-87r7-q54j-f9qg

github.com/openstack/murano/blob/c898a310afbc27f12190446ef75d8b0bd12115eb/releasenotes/notes/safeloader-cve-2016-4972-19035a2a091ec30a.yaml

github.com/openstack/murano/blob/c898a310afbc27f12190446ef75d8b0bd12115eb/releasenotes/source/locale/en_GB/LC_MESSAGES/releasenotes.po

github.com/openstack/murano/commit/28de8c36c9dbe4aaf4d062e6fb6099afd437f49b

nvd.nist.gov/vuln/detail/CVE-2016-4972

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for GHSA-87R7-Q54J-F9QG