Remote Code Execution in OpenStack Murano and Dashboard by improper YAML parsing
CVE-2016-4972
9.8CRITICAL
Key Information:
- Vendor
- Openstack
- Vendor
- CVE Published:
- 26 September 2016
Summary
OpenStack Murano, including its dashboard and the python-muranoclient, suffers from vulnerabilities due to improper handling of YAML loaders. This flaw enables remote attackers to design malicious YAML tags that can instantiate arbitrary Python objects. When exploited, this could lead to the execution of arbitrary code during the processing of UI definitions in Murano packages, posing significant risks to affected systems.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved