=====================================================================

                              CERT-Renater

                    Note d'Information No. 2024/VULN114
_____________________________________________________________________

DATE                : 12/03/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running OpenStack Murano.

=====================================================================
https://wiki.openstack.org/wiki/OSSN/OSSN-0093
_____________________________________________________________________

   OSSN/OSSN-0093
< OSSN
Sommaire

      1 Unresolved Vulnerability in Murano
          1.1 Summary
          1.2 Affected Services / Software
          1.3 Discussion
          1.4 Recommended Actions
          1.5 Contacts / References

Unresolved Vulnerability in Murano
Summary

A severe security vulnerability in all versions of the Murano service
will be disclosed at a later date. Murano is an inactive project, so
no fix is currently under development for this vulnerability. It is
strongly recommended that any OpenStack deployments disable or fully
remove Murano, if installed, at the earliest opportunity. This
security note will be amended at the time of public disclosure to
include further details and context, but action should be taken as
soon as possible in order to minimize the risk it poses.


Affected Services / Software

Murano


Discussion

This security note is a redacted placeholder, and will be amended
with complete details once the associated bug report becomes public.


Recommended Actions

Disable the Murano service in, or fully remove it from, all
OpenStack deployments at the earliest opportunity.


Contacts / References


Author:

      Jeremy Stanley, OpenStack Vulnerability Coordinator


This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0093

Original LaunchPad Bug : https://launchpad.net/bugs/2048114
(not yet public)

Mailing List : [security-sig] openstack-discuss@lists.openstack.org

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================