Jump to: navigation, search

OSSN/OSSN-0093

< OSSN
Revision as of 22:38, 6 March 2024 by Fungi (talk | contribs) (initial draft)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Unresolved Vulnerability in Murano

Summary

A severe security vulnerability in all versions of the Murano service will be disclosed on Thursday, March 14, 2024. There is currently no fix under development for this, so it is strongly recommended that any deployments with Murano functionality accessible to untrusted users disable or fully remove it before that date. This security note will be amended at the time of public disclosure to include further details and context, but action should be taken prior to that time in order to minimize the risk it poses.

Affected Services / Software

Murano

Discussion

This security note is a redacted placeholder, and will be amended on Thursday, March 14, 2024 with complete details.

Recommended Actions

Disable the Murano service in, or fully remove it from, all OpenStack deployments at the earliest opportunity.

Contacts / References

Author:

  • Jeremy Stanley, OpenStack Vulnerability Coordinator

This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0093

Original LaunchPad Bug : https://launchpad.net/bugs/2048114

Mailing List : [Security] openstack-discuss@lists.openstack.org

Retrieved from "https://wiki.openstack.org/w/index.php?title=OSSN/OSSN-0093&oldid=184474"