Lucene search

GitHub Advisory DatabaseGHSA-C7FC-CM7P-92R2

HistoryMay 24, 2022 - 4:51 p.m.

Openstack ironic-inspector has SQL injection vulnerability in node_cache

2022-05-2416:51:42

CWE-89

GitHub Advisory Database

github.com

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector’s node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.

Affected configurations

Vulners

Node

ironicinspectorRange<8.2.1

ironicinspectorRange<8.0.3

ironicinspectorRange<7.2.4

ironicinspectorRange<6.0.3

ironicinspectorRange<5.0.2

CPENameOperatorVersion
ironic-inspectorlt8.2.1
ironic-inspectorlt8.0.3
ironic-inspectorlt7.2.4
ironic-inspectorlt6.0.3
ironic-inspectorlt5.0.2

Name	Operator	Version
ironic-inspector	lt	8.2.1
ironic-inspector	lt	8.0.3
ironic-inspector	lt	7.2.4
ironic-inspector	lt	6.0.3
ironic-inspector	lt	5.0.2

References

access.redhat.com/errata/RHSA-2019:2505

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141

docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata

docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike

docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens

docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky

docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein

github.com/advisories/GHSA-c7fc-cm7p-92r2

github.com/openstack/ironic-inspector/commit/9d107900b2e0b599397b84409580d46e0ed16291

nvd.nist.gov/vuln/detail/CVE-2019-10141

review.opendev.org/c/openstack/ironic-inspector/+/660234

storyboard.openstack.org/#!/story/2005678

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for GHSA-C7FC-CM7P-92R2