PT-2016-6202 · Openstack · Murano-Dashboard+2
Serg Melikyan
+1
·
Published
2016-09-26
·
Updated
2022-05-17
·
CVE-2016-4972
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenStack Murano versions prior to 1.0.3 (liberty) and prior to 2.0.1 (mitaka)
Murano-dashboard versions prior to 1.0.3 (liberty) and prior to 2.0.1 (mitaka)
python-muranoclient versions prior to 0.7.3 (liberty) and prior to 0.8.5 (mitaka)
Description
The issue allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages. This is due to the improper use of loaders inherited from
yaml.Loader when parsing MuranoPL and UI files.Recommendations
For OpenStack Murano versions prior to 1.0.3 (liberty) and prior to 2.0.1 (mitaka), update to version 1.0.3 (liberty) or 2.0.1 (mitaka) to resolve the issue.
For Murano-dashboard versions prior to 1.0.3 (liberty) and prior to 2.0.1 (mitaka), update to version 1.0.3 (liberty) or 2.0.1 (mitaka) to resolve the issue.
For python-muranoclient versions prior to 0.7.3 (liberty) and prior to 0.8.5 (mitaka), update to version 0.7.3 (liberty) or 0.8.5 (mitaka) to resolve the issue.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Murano-Dashboard
Openstack Murano
Python-Muranoclient