Comment 10 for bug 1586136

If I understand correctly, murano-dashboard is fixed by murano and python-muranoclient patch. Then perhaps there is no need to mention murano-dashboard as an affected product.

Anyways, once you have the patch ready, the next step is to request a CVE to a CVE Number Authority ("CNA") such as <email address hidden>, preferably using an encrypted and signed email:
  https://security.openstack.org/vmt-process.html#cve-request-email-private-issues