{"vulnerability": "CVE-2024-29156", "sightings": [{"uuid": "d6c21df7-898f-4680-83ff-e4624aee60fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29156", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8760", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29156\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.\n\ud83d\udccf Published: 2024-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-25T20:07:53.472Z\n\ud83d\udd17 References:\n1. https://wiki.openstack.org/wiki/OSSN/OSSN-0093\n2. https://launchpad.net/bugs/2048114\n3. https://opendev.org/openstack/murano/tags\n4. https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3", "creation_timestamp": "2025-03-25T20:24:27.000000Z"}, {"uuid": "329da590-8e91-44e5-92ac-c1b1994bc0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29156", "type": "seen", "source": "https://t.me/ctinow/210261", "content": "https://ift.tt/M2GHjZU\nCVE-2024-29156", "creation_timestamp": "2024-03-18T08:26:46.000000Z"}, {"uuid": "9d60aa4a-038d-4d71-bb50-318cdeb56c30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29156", "type": "seen", "source": "https://t.me/ctinow/210260", "content": "https://ift.tt/M2GHjZU\nCVE-2024-29156", "creation_timestamp": "2024-03-18T08:21:35.000000Z"}, {"uuid": "69f9bd0c-3d5d-480e-a3be-29a36604e4d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29156", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10275", "content": "#exploit\n1. CVE-2024-27228:\nGoogle Pixel MFC H264 Processing Memory Corruption\nhttps://packetstormsecurity.com/files/177899/Google-Pixel-MFC-H264-Processing-Memory-Corruption.html\n\n2. CVE-2024-29156:\nOpenStack Admin Account Takeover due to Unsafe Environment Handling in MuranoPL\nhttps://sites.google.com/site/zhiniangpeng/blogs/Openstack", "creation_timestamp": "2024-04-09T11:11:05.000000Z"}, {"uuid": "2540937b-c526-418f-9977-03398400146c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29156", "type": "seen", "source": "https://t.me/Rootsec_2/2817", "content": "#exploit\n1. CVE-2024-27228:\nGoogle Pixel MFC H264 Processing Memory Corruption\nhttps://packetstormsecurity.com/files/177899/Google-Pixel-MFC-H264-Processing-Memory-Corruption.html\n\n2. CVE-2024-29156:\nOpenStack Admin Account Takeover due to Unsafe Environment Handling in MuranoPL\nhttps://sites.google.com/site/zhiniangpeng/blogs/Openstack", "creation_timestamp": "2024-08-16T09:16:45.000000Z"}]}