发布时间: 2024年3月29日
修改时间: 2024年10月31日
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Local |
| CVSS评分 | 6.5 | 8.4 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | High |
| User Interaction | None | None |
| Availability | None | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3159 | python-yaql security update | 2024年3月29日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | python-yaql | Fixed |
| KY3.5.2 | python-yaql | Fixed |
| KY3.5.1 | python-yaql | Fixed |
