A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account credentials, potentially escalating their privileges to an administrator level. Subsequently, unauthorized users can gain complete control over various resources, including user roles, hosts, and networks. The exploit allows access to the Murano service’s oslo configuration storage, thereby exposing critical Murano service account credentials, and granting unauthorized users administrative privileges.