Lucene search
+L

358 matches found

OSV
OSV
added 4 days ago10 views

RHSA-2026:39811 Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (openstack-ironic) security update

Bulletin has no description...

7.7CVSS6.1AI score0.00433EPSS
Exploits0References8
NVD
NVD
added 2026/07/10 4:17 a.m.11 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS0.00516EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 4:17 a.m.6 views

DEBIAN-CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 4:17 a.m.11 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS0.00426EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 4:17 a.m.7 views

DEBIAN-CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS6.1AI score0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 3:10 a.m.10 views

EUVD-2026-42781

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6AI score0.00516EPSS
Exploits0References2
CVE
CVE
added 2026/07/10 3:10 a.m.20 views

CVE-2026-54423

OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...

8.2CVSS6AI score0.00516EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 3:10 a.m.37 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS0.00516EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/10 3:10 a.m.10 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/10 3:10 a.m.8 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6AI score0.00516EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/10 12:0 a.m.10 views

EUVD-2026-42777

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS5.9AI score0.00426EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 12:0 a.m.12 views

CVE-2026-44918

OpenStack Ironic (up to 37.0.1) allows an authenticated project manager to create/modify nodes across projects without authorization, potentially misconfiguring which project owns a node and exposing secrets stored in volume connectors/targets. Red Hat notes a specific flaw where a manager can re...

5.5CVSS5.9AI score0.00426EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/10 12:0 a.m.34 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS0.00426EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/10 12:0 a.m.8 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS5.9AI score0.00426EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/07/08 3:0 p.m.6 views

Missing Authorization

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Missing Authorization in the sendraw process. An attacker can gain unauthorized control over hardware or cause a system outage by sending arbitrary IPMI commands to the BMC. This is only...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-505 Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

9.2CVSS6.1AI score0.01585EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/22 12:21 p.m.8 views

CVE-2026-50589

A flaw was found in OpenStack Ironic. An unauthenticated malicious user could exploit this vulnerability by submitting a specially crafted JSON JavaScript Object Notation string to certain API Application Programming Interface or JSON-RPC Remote Procedure Call service endpoints. This could lead t...

7.5CVSS5.8AI score0.00433EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/16 2:33 p.m.12 views

CVE-2026-54421

A flaw was found in OpenStack Ironic. When an authorized user applies a PATCH operation to update volume properties, the system can inadvertently expose sensitive information, such as iSCSI credentials. This information disclosure vulnerability allows an attacker to gain access to credentials tha...

6.8CVSS4.9AI score0.00291EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.11 views

SUSE CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References3
NVD
NVD
added 2026/06/14 4:16 a.m.19 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS0.00291EPSS
Exploits0References3
Rows per page
Query Builder