Comment 7 for bug 1586136

Title: RCE vulnerability in Openstack Murano using insecure YAML tags
Reporter: Kirill Zaitsev
Product: murano
Affects: <=2015.1.1; <=1.0.2; ==2.0.0
Product: murano-dashboard
Affects: <=2015.1.1; <=1.0.2; ==2.0.0
Product: python-muranoclient
Affects: <=0.7.2; >=0.8.0<=0.8.4

Description:
Kirill Zaitsev from Mirantis reported a vulnerability in OpenStack Murano applications processing. Using extended YAML tags in Murano application YAML files, an attacker can perform a Remote Code Execution attack.