Kirill Zaitsev from Mirantis reported a vulnerability in OpenStack Murano applications processing. Using extended YAML tags in Murano application YAML files, an attacker can perform Remote Code Execution.
Name: Kirill Zaitsev (Mirantis)
Upstream announcement: http://seclists.org/oss-sec/2016/q2/593
From: Kirill Zaitsev <k.zaitsev () me com>
Date: Thu, 23 Jun 2016 20:42:13 +0300
Red Hat OpenStack Platform and Red Hat Enterprise Linux OpenStack Platform do not include or support openstack-murano, and are therefore not affected by this flaw in any supported configuration.