Package "mistral-engine"
| Name: |
mistral-engine
|
Description: |
OpenStack Workflow service - Engine
|
| Latest version: |
14.0.0-0ubuntu1.1 |
| Release: |
jammy (22.04) |
| Level: |
updates |
| Repository: |
universe |
| Head package: |
mistral |
| Homepage: |
https://github.com/openstack/mistral |
Links
Download "mistral-engine"
Other versions of "mistral-engine" in Jammy
Changelog
|
mistral (14.0.0-0ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: unauthorized resource publication via overly permissive
publicize policies in workflows, actions, event triggers, code sources,
dynamic actions, workbooks, cron triggers, and environments.
- debian/patches/CVE-2026-41283-1.patch: restrict publicize policies to
admin_only for workflows, actions and event triggers.
- debian/patches/CVE-2026-41283-2.patch: clean up unnecessary
expect_errors=True in policy tests.
- debian/patches/CVE-2026-41283-3.patch: add code_sources:publicize
policy (admin_only) and enforce on create/update.
- debian/patches/CVE-2026-41283-4.patch: restrict code_sources and
dynamic_actions operations to admin_only.
- debian/patches/CVE-2026-41283-5.patch: add dynamic_actions:publicize
policy (admin_only) and enforce on create/update.
- debian/patches/CVE-2026-41283-6.patch: add workbooks:publicize policy
(admin_only) and enforce on create/update.
- debian/patches/CVE-2026-41283-7.patch: add cron_triggers:publicize
policy (admin_only) and enforce on create.
- debian/patches/CVE-2026-41283-8.patch: add environments:publicize
policy (admin_only) and enforce on create/update.
- CVE-2026-41283
-- Federico Quattrin <email address hidden> Tue, 09 Jun 2026 16:20:02 -0300
|
| CVE-2026-41283 |
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which |
|
About
-
Send Feedback to @ubuntu_updates
