Comment 5 for bug 1586136

Kirill Zaitsev (kzaitsev) wrote :

Draft:

Title: RCE vulnerability in OpenStack Murano using insecure YAML tags
Reporter: Kirill Zaitsev
Products: OpenStack Murano, Murano Dashboard, python-muranoclient
Affects: >=2014.2, >1.0.0 (for murano and murano-dashboard); >=0.5.3 (for python-muranoclient)

Description:
Kirill Zaitsev from Mirantis reported a vulnerability in OpenStack Murano application processing. Using extended YAML tags in Murano application YAML files, an attacker can perform a Remote Code Execution attack.