oss-sec mailing list archives
OSSN-0093: Unresolved Vulnerability in OpenStack Murano
From: Jeremy Stanley <fungi () yuggoth org>
Date: Thu, 7 Mar 2024 22:45:01 +0000
OSSN-0093 Unresolved Vulnerability in OpenStack Murano ### Summary ### A severe security vulnerability in all versions of the Murano service will be disclosed at a later date. Murano is an inactive project[*], so no fix is currently under development for this vulnerability. It is strongly recommended that any OpenStack deployments disable or fully remove Murano, if installed, at the earliest opportunity. This security note will be amended at the time of public disclosure to include further details and context, but action should be taken as soon as possible in order to minimize the risk it poses. [*] https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects ### Affected Services / Software ### - murano: all versions ### Discussion ### This security note is a redacted placeholder, and will be amended with complete details once the associated bug report becomes public. ### Recommended Actions ### Disable the Murano service in, or fully remove it from, all OpenStack deployments at the earliest opportunity. ### Credits ### Not yet disclosed. ### Contacts / References ### Authors: - Jeremy Stanley, OpenStack Vulnerability Coordinator This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0093 Original bug: https://launchpad.net/bugs/2048114 (not yet public) Mailing List : [security-sig] openstack-discuss () lists openstack org -- Jeremy Stanley, OpenStack Vulnerability Coordinator
Attachment:
signature.asc
Description:
Current thread:
- OSSN-0093: Unresolved Vulnerability in OpenStack Murano Jeremy Stanley (Mar 07)
- OSSN-0093: [OpenStack Murano] Unsafe Environment Handling in MuranoPL Jeremy Stanley (Mar 14)