Kirualawliet

Name of the Vulnerable Software and Affected Versions: OpenStack Murano versions prior to 16.0.0 with YAQL versions prior to 3.0.0 Description: The issue is related to the Murano service's MuranoPL extension to the YAQL language, which fails to sanitize the supplied environment. This could lead to potential leakage of sensitive service account information. Recommendations: For OpenStack Murano versions prior to 16.0.0 with YAQL versions prior to 3.0.0, consider disabling the Murano service or fully removing it from all OpenStack deployments as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** JumpServer versions prior to 3.8.0 **Description** The issue concerns the default email address for the initial admin user, which is set to `admin[@]mycompany[.]com`. This could potentially affect password reset functionality if the domain `mycompany.com` is registered in the future. The estimated number of potentially affected devices is not specified. **Recommendations** For versions prior to 3.8.0, update to version 3.8.0 or later. As a temporary workaround, consider changing the default email domain to `example.com` manually for those who cannot upgrade.

**Name of the Vulnerable Software and Affected Versions** JumpServer versions prior to 3.6.5 **Description** The issue is related to incorrect restriction of a directory path with limited access in the JumpServer security audit system. This can allow a remote attacker to gain unauthorized access to protected information and modify the contents of arbitrary files in the system. A directory traversal flaw can be exploited using a provided URL, such as `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd`, to access and retrieve file contents. A similar method to modify file content is also present. **Recommendations** For versions prior to 3.6.5, upgrade to version 3.6.5 or later to address the issue. As a temporary workaround, consider restricting access to the `api/v1/ops/playbook` endpoint until a patch is available. Avoid using the `key` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JumpServer versions prior to 2.28.19 JumpServer versions prior to 3.6.5 **Description** The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users not using local authentication are also not affected. **Recommendations** For versions prior to 2.28.19, upgrade to version 2.28.19 or later. For versions prior to 3.6.5, upgrade to version 3.6.5 or later. As a temporary workaround, consider restricting access to the API endpoint that exposes the random number seed until a patch is available. Avoid using the verification codes generated by the affected API endpoint until the issue is resolved.