8 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-29156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 security update
An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...
RHEL 9 : Red Hat OpenStack Platform 17.1 (python-yaql and openstack-tripleo-heat-templates) (RHSA-2024:1931)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1931 advisory. Heat templates for TripleO YAQL library has a out of the box large set of commonly used functions. Security Fixes: OpenStack Murano Component...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) security update
An update for openstack-tripleo-heat-templates and python-yaql is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
OESA-2024-1329 python-yaql security update
YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...
OESA-2024-1332 python-yaql security update
YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...
OESA-2024-1328 python-yaql security update
YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...
CVE-2024-29156
CVE-2024-29156 affects OpenStack Murano up to 16.0.0 where YAQL before 3.0.0 enables the MuranoPL extension to fail to sanitize the environment, potentially leaking sensitive service account information. The root cause is inadequate sanitization in YAQL integration within Murano, leading to infor...