Package "python3-mistral"
| Name: |
python3-mistral
|
Description: |
OpenStack Workflow Service - Python 3 libraries
|
| Latest version: |
18.0.1-0ubuntu1.1 |
| Release: |
noble (24.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
mistral |
| Homepage: |
https://opendev.org/openstack/mistral |
Links
Download "python3-mistral"
Other versions of "python3-mistral" in Noble
Changelog
|
mistral (18.0.1-0ubuntu1.1) noble-security; urgency=medium
* SECURITY UPDATE: unauthorized resource publication via overly permissive
publicize policies in workflows, actions, event triggers, code sources,
dynamic actions, workbooks, cron triggers, and environments.
- debian/patches/CVE-2026-41283-1.patch: restrict publicize policies to
admin_only for workflows, actions and event triggers.
- debian/patches/CVE-2026-41283-2.patch: clean up unnecessary
expect_errors=True in policy tests.
- debian/patches/CVE-2026-41283-3.patch: add code_sources:publicize
policy (admin_only) and enforce on create/update.
- debian/patches/CVE-2026-41283-4.patch: restrict code_sources and
dynamic_actions operations to admin_only.
- debian/patches/CVE-2026-41283-5.patch: add dynamic_actions:publicize
policy (admin_only) and enforce on create/update.
- debian/patches/CVE-2026-41283-6.patch: add workbooks:publicize policy
(admin_only) and enforce on create/update.
- debian/patches/CVE-2026-41283-7.patch: add cron_triggers:publicize
policy (admin_only) and enforce on create.
- debian/patches/CVE-2026-41283-8.patch: add environments:publicize
policy (admin_only) and enforce on create/update.
- CVE-2026-41283
-- Federico Quattrin <email address hidden> Tue, 09 Jun 2026 16:28:39 -0300
|
| CVE-2026-41283 |
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which |
|
About
-
Send Feedback to @ubuntu_updates
