Difference between revisions of "OSSN/OSSN-0093"
(strengthen recommendation to disable or remove) |
(clarify murano's inactive status) |
||
Line 3: | Line 3: | ||
=== Summary === | === Summary === | ||
− | A severe security vulnerability in all versions of the Murano service will be disclosed on Thursday, March 14, 2024. | + | A severe security vulnerability in all versions of the Murano service will be disclosed on Thursday, March 14, 2024. Murano is an inactive project, so no fix is currently under development for this vulnerability. It is strongly recommended that any OpenStack deployments disable or fully remove Murano, if installed, before that date. This security note will be amended at the time of public disclosure to include further details and context, but action should be taken prior to March 14 in order to minimize the risk it poses. |
=== Affected Services / Software === | === Affected Services / Software === | ||
Line 21: | Line 21: | ||
'''Author:''' | '''Author:''' | ||
* Jeremy Stanley, OpenStack Vulnerability Coordinator | * Jeremy Stanley, OpenStack Vulnerability Coordinator | ||
+ | |||
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0093 | This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0093 |
Revision as of 22:51, 6 March 2024
Contents
Unresolved Vulnerability in Murano
Summary
A severe security vulnerability in all versions of the Murano service will be disclosed on Thursday, March 14, 2024. Murano is an inactive project, so no fix is currently under development for this vulnerability. It is strongly recommended that any OpenStack deployments disable or fully remove Murano, if installed, before that date. This security note will be amended at the time of public disclosure to include further details and context, but action should be taken prior to March 14 in order to minimize the risk it poses.
Affected Services / Software
Murano
Discussion
This security note is a redacted placeholder, and will be amended on Thursday, March 14, 2024 with complete details.
Recommended Actions
Disable the Murano service in, or fully remove it from, all OpenStack deployments at the earliest opportunity.
Contacts / References
Author:
- Jeremy Stanley, OpenStack Vulnerability Coordinator
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0093
Original LaunchPad Bug : https://launchpad.net/bugs/2048114 (not yet public)
Mailing List : [security-sig] openstack-discuss@lists.openstack.org