| 2016-06-15 22:27:03 |
Kirill Zaitsev |
bug |
|
|
added bug |
| 2016-06-15 22:27:55 |
Kirill Zaitsev |
cve linked |
|
2016-4972 |
|
| 2016-06-15 22:30:07 |
Kirill Zaitsev |
bug |
|
|
added subscriber Serg Melikyan |
| 2016-06-15 22:30:31 |
Kirill Zaitsev |
bug |
|
|
added subscriber Dina Belova |
| 2016-06-15 22:30:45 |
Kirill Zaitsev |
bug |
|
|
added subscriber Vitaly Sedelnik |
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
nominated for series |
|
mos/9.0.x |
|
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
bug task added |
|
mos/9.0.x |
|
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
nominated for series |
|
mos/6.1.x |
|
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
bug task added |
|
mos/6.1.x |
|
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
nominated for series |
|
mos/7.0.x |
|
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
bug task added |
|
mos/7.0.x |
|
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
nominated for series |
|
mos/8.0.x |
|
| 2016-06-15 22:30:59 |
Kirill Zaitsev |
bug task added |
|
mos/8.0.x |
|
| 2016-06-15 22:31:05 |
Kirill Zaitsev |
mos/7.0.x: importance |
Undecided |
Critical |
|
| 2016-06-15 22:31:07 |
Kirill Zaitsev |
mos/6.1.x: importance |
Undecided |
Critical |
|
| 2016-06-15 22:31:08 |
Kirill Zaitsev |
mos/8.0.x: importance |
Undecided |
Critical |
|
| 2016-06-15 22:31:21 |
Kirill Zaitsev |
mos/6.1.x: milestone |
|
6.1-updates |
|
| 2016-06-15 22:31:24 |
Kirill Zaitsev |
mos/7.0.x: milestone |
|
7.0-updates |
|
| 2016-06-15 22:31:29 |
Kirill Zaitsev |
mos/8.0.x: milestone |
|
8.0-updates |
|
| 2016-06-15 23:24:59 |
Kirill Zaitsev |
mos/9.0.x: status |
Confirmed |
In Progress |
|
| 2016-06-15 23:25:02 |
Kirill Zaitsev |
mos/8.0.x: status |
New |
Confirmed |
|
| 2016-06-15 23:25:04 |
Kirill Zaitsev |
mos/7.0.x: status |
New |
Confirmed |
|
| 2016-06-15 23:25:06 |
Kirill Zaitsev |
mos/6.1.x: status |
New |
Confirmed |
|
| 2016-06-16 00:31:34 |
Kirill Zaitsev |
mos/8.0.x: status |
Confirmed |
In Progress |
|
| 2016-06-16 00:31:36 |
Kirill Zaitsev |
mos/7.0.x: status |
Confirmed |
In Progress |
|
| 2016-06-16 00:31:40 |
Kirill Zaitsev |
mos/9.0.x: status |
In Progress |
Fix Committed |
|
| 2016-06-16 00:31:44 |
Kirill Zaitsev |
mos/7.0.x: status |
In Progress |
Fix Committed |
|
| 2016-06-16 00:31:46 |
Kirill Zaitsev |
mos/8.0.x: status |
In Progress |
Fix Committed |
|
| 2016-06-16 08:58:36 |
Dina Belova |
mos/6.1.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
| 2016-06-16 08:58:59 |
Dina Belova |
mos/8.0.x: assignee |
|
Kirill Zaitsev (kzaitsev) |
|
| 2016-06-16 08:59:11 |
Dina Belova |
mos/7.0.x: assignee |
|
Kirill Zaitsev (kzaitsev) |
|
| 2016-06-16 13:46:45 |
Vitaly Sedelnik |
mos/6.1.x: status |
Confirmed |
In Progress |
|
| 2016-06-16 13:46:47 |
Vitaly Sedelnik |
mos/7.0.x: status |
Fix Committed |
In Progress |
|
| 2016-06-16 13:46:50 |
Vitaly Sedelnik |
mos/8.0.x: status |
Fix Committed |
In Progress |
|
| 2016-06-16 13:48:19 |
Kirill Zaitsev |
mos/9.0.x: status |
Fix Committed |
In Progress |
|
| 2016-06-17 07:01:07 |
Dina Belova |
mos/9.0.x: status |
In Progress |
Fix Committed |
|
| 2016-06-17 12:54:12 |
Kirill Zaitsev |
bug |
|
|
added subscriber Victor Ryzhenkin |
| 2016-06-17 12:54:45 |
Victor Ryzhenkin |
mos/9.0.x: status |
Fix Committed |
Fix Released |
|
| 2016-06-17 12:56:28 |
Victor Ryzhenkin |
mos/6.1.x: milestone |
6.1-updates |
6.1-mu-7 |
|
| 2016-06-17 12:57:02 |
Victor Ryzhenkin |
mos/8.0.x: milestone |
8.0-updates |
8.0-mu-2 |
|
| 2016-06-17 12:58:08 |
Victor Ryzhenkin |
mos/7.0.x: assignee |
Kirill Zaitsev (kzaitsev) |
MOS Maintenance (mos-maintenance) |
|
| 2016-06-17 12:58:22 |
Victor Ryzhenkin |
mos/8.0.x: assignee |
Kirill Zaitsev (kzaitsev) |
MOS Maintenance (mos-maintenance) |
|
| 2016-06-20 15:04:22 |
Vitaly Sedelnik |
bug |
|
|
added subscriber Denis Meltsaykin |
| 2016-06-21 12:37:49 |
Adam Heczko |
tags |
area-murano |
area-murano feature-security |
|
| 2016-06-22 21:47:12 |
Kirill Zaitsev |
nominated for series |
|
mos/5.1.x |
|
| 2016-06-22 21:47:12 |
Kirill Zaitsev |
bug task added |
|
mos/5.1.x |
|
| 2016-06-22 21:47:12 |
Kirill Zaitsev |
nominated for series |
|
mos/6.0.x |
|
| 2016-06-22 21:47:12 |
Kirill Zaitsev |
bug task added |
|
mos/6.0.x |
|
| 2016-06-22 21:47:18 |
Kirill Zaitsev |
mos/6.0.x: status |
New |
In Progress |
|
| 2016-06-22 21:47:20 |
Kirill Zaitsev |
mos/5.1.x: status |
New |
In Progress |
|
| 2016-06-22 21:47:22 |
Kirill Zaitsev |
mos/6.0.x: importance |
Undecided |
Critical |
|
| 2016-06-22 21:47:24 |
Kirill Zaitsev |
mos/5.1.x: importance |
Undecided |
Critical |
|
| 2016-06-22 21:47:38 |
Kirill Zaitsev |
mos/6.0.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
| 2016-06-22 21:47:45 |
Kirill Zaitsev |
mos/5.1.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
| 2016-06-22 21:47:47 |
Kirill Zaitsev |
mos/6.0.x: milestone |
|
6.0-updates |
|
| 2016-06-22 21:47:51 |
Kirill Zaitsev |
mos/5.1.x: milestone |
|
5.1.1-updates |
|
| 2016-06-27 15:09:03 |
Vitaly Sedelnik |
mos/8.0.x: status |
In Progress |
Fix Committed |
|
| 2016-06-29 09:25:43 |
Vitaly Sedelnik |
mos/7.0.x: milestone |
7.0-updates |
7.0-mu-5 |
|
| 2016-07-07 07:43:12 |
Vitaly Sedelnik |
mos/5.1.x: milestone |
5.1.1-updates |
5.1.1-mu-3 |
|
| 2016-07-07 07:43:16 |
Vitaly Sedelnik |
mos/6.0.x: milestone |
6.0-updates |
6.0-mu-9 |
|
| 2016-07-11 09:03:36 |
Vitaly Sedelnik |
mos/6.1.x: status |
In Progress |
Fix Committed |
|
| 2016-07-11 09:03:40 |
Vitaly Sedelnik |
mos/7.0.x: status |
In Progress |
Fix Committed |
|
| 2016-07-19 20:26:46 |
Vitaly Sedelnik |
mos/8.0.x: status |
Fix Committed |
Fix Released |
|
| 2016-07-19 20:31:18 |
Vitaly Sedelnik |
information type |
Private Security |
Public Security |
|
| 2016-08-10 14:26:27 |
Denis Meltsaykin |
mos/6.1.x: status |
Fix Committed |
Fix Released |
|
| 2016-08-17 07:19:52 |
TatyanaGladysheva |
mos/7.0.x: status |
Fix Committed |
Fix Released |
|
| 2016-08-30 11:00:30 |
Vladimir Jigulin |
information type |
Public Security |
Private Security |
|
| 2016-08-30 11:00:35 |
Vladimir Jigulin |
information type |
Private Security |
Public Security |
|
| 2016-12-16 21:00:45 |
Vitaly Sedelnik |
mos/6.0.x: milestone |
6.0-mu-9 |
6.0-updates |
|
| 2016-12-16 21:02:52 |
Vitaly Sedelnik |
mos/5.1.x: milestone |
5.1.1-mu-3 |
5.1.1-updates |
|
| 2019-08-29 19:55:33 |
Jeremy Stanley |
description |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
-------------------------------------------------------------------------
YaqlYamlLoader inherits from YamlLoader, meaning that it is possible to use extended unsafe tags in yaml files http://pyyaml.org/wiki/PyYAMLDocumentation#YAMLtagsandPythontypes
dashboard, engine/api, and client are vulnerable.
CVE Description:
Kirill Zaitsev from Mirantis reported a vulnerability in OpenStack Murano applications processing. Using extended YAML tags in Murano application YAML files, an attacker can perform a Remote Code Execution attack. |
YaqlYamlLoader inherits from YamlLoader, meaning that it is possible to use extended unsafe tags in yaml files http://pyyaml.org/wiki/PyYAMLDocumentation#YAMLtagsandPythontypes
dashboard, engine/api, and client are vulnerable.
CVE Description:
Kirill Zaitsev from Mirantis reported a vulnerability in OpenStack Murano applications processing. Using extended YAML tags in Murano application YAML files, an attacker can perform a Remote Code Execution attack. |
|
