USN-8422-1: Mistral vulnerability

Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it...

PT-2020-8565 · Openstack +1 · Openstack-Mistral +1

Name of the Vulnerable Software and Affected Versions: OpenStack Mistral versions up to and including 7.0.3 Description: A Denial of Service DoS condition is possible due to submitting a specially crafted workflow definition YAML file containing nested anchors, which can lead to resource...