20 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-yaql (UTSA-2026-000170)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000170 advisory. In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied...
TencentOS Server 4: python-yaql (TSSA-2024:1088)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1088 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
RHSA-2024:1930 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) security update
Bulletin has no description...
RHSA-2024:1931 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-yaql and openstack-tripleo-heat-templates) security update
Bulletin has no description...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 security update
An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...
RHEL 9 : Red Hat OpenStack Platform 17.1 (python-yaql and openstack-tripleo-heat-templates) (RHSA-2024:1931)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1931 advisory. Heat templates for TripleO YAQL library has a out of the box large set of commonly used functions. Security Fixes: OpenStack Murano Component...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) security update
An update for openstack-tripleo-heat-templates and python-yaql is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-yaql and openstack-tripleo-heat-templates) security update
An update for python-yaql and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Information Disclosure
yaql is vulnerable to Information Disclosure. The vulnerability is due to improper handling of attribute access in the YAQL library's 'format' function, allowing unauthorized users to access sensitive information, including service account credentials...
python-muranoclient (>=0.5.8 <=0.6.0), slacktivate (>=0.2.1 <=0.2.26) +1 more potentially affected by CVE-2024-29156 via yaql (>=0.2.7 <=2.0.1)
yaql PYPI version =0.2.7, =0.5.8, =0.2.1, =0.2.26 - yglu =1.1.2 Source cves: CVE-2024-29156 Source advisory: OSV:GHSA-MVF6-HWXH-7V76...
Information leakage in YAQL
YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
GHSA-MVF6-HWXH-7V76 Information leakage in YAQL
YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
DEBIAN-CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2024-29156
CVE-2024-29156 affects OpenStack Murano up to 16.0.0 where YAQL before 3.0.0 enables the MuranoPL extension to fail to sanitize the environment, potentially leaking sensitive service account information. The root cause is inadequate sanitization in YAQL integration within Murano, leading to infor...