Bug 2269112 (CVE-2024-29156) - CVE-2024-29156 YAQL: OpenStack Murano Component Information Leakage
Summary: CVE-2024-29156 YAQL: OpenStack Murano Component Information Leakage
Keywords:
Status: NEW
Alias: CVE-2024-29156
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
: 2270037 (view as bug list)
Depends On: 2269116 2269117 2270055 2270056 2275836 2275837 229116 2269113 2269114 2269115 2269118 2270057 2273549 2273771
Blocks: 2269119
TreeView+ depends on / blocked
 
Reported: 2024-03-12 06:56 UTC by Avinash Hanwate
Modified: 2024-04-23 12:16 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account credentials, potentially escalating their privileges to an administrator level. Subsequently, unauthorized users can gain complete control over various resources, including user roles, hosts, and networks. The exploit allows access to the Murano service's oslo configuration storage, thereby exposing critical Murano service account credentials, and granting unauthorized users administrative privileges.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 913228 0 None MERGED Remove format function 2024-03-18 05:59:32 UTC
Red Hat Product Errata RHBA-2024:1981 0 None None None 2024-04-23 12:16:33 UTC
Red Hat Product Errata RHSA-2024:1930 0 None None None 2024-04-22 01:02:13 UTC
Red Hat Product Errata RHSA-2024:1931 0 None None None 2024-04-22 01:01:22 UTC

Description Avinash Hanwate 2024-03-12 06:56:44 UTC 
The Sangfor Security Research Team has identified a critical security vulnerability in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorised users can obtain Murano service account credentials, potentially escalating their privileges to an administrator level. Subsequently, unauthorised users can gain complete control over various resources, including user roles, hosts, and networks.

The exploit allows access to Murano service's oslo configuration storage, thereby exposing critical Murano service account credentials, granting
unauthorised users administrative privileges.
Comment 5 TEJ RATHI 2024-03-19 05:52:01 UTC 
*** Bug 2270037 has been marked as a duplicate of this bug. ***
Comment 6 TEJ RATHI 2024-03-19 05:58:11 UTC 
Lifting Embargo...

https://launchpad.net/bugs/2048114
https://opendev.org/openstack/murano/tags
https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3
https://wiki.openstack.org/wiki/OSSN/OSSN-0093
Comment 11 errata-xmlrpc 2024-04-22 01:01:21 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2024:1931 https://access.redhat.com/errata/RHSA-2024:1931
Comment 12 errata-xmlrpc 2024-04-22 01:02:12 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 8

Via RHSA-2024:1930 https://access.redhat.com/errata/RHSA-2024:1930
Note You need to log in before you can comment on or make changes to this bug.