Lucene search
K

221 matches found

NVD
NVD
added 2024/09/06 1:15 a.m.46 views

CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS0.00545EPSS
Exploits0References3
OSV
OSV
added 2024/09/06 1:15 a.m.6 views

DEBIAN-CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS6.5AI score0.00545EPSS
Exploits0References1
CVE
CVE
added 2024/09/06 12:0 a.m.161 views

CVE-2024-44082

OpenStack Ironic and ironic-python-agent are affected by CVE-2024-44082 in image processing, allowing a crafted image to trigger undesired qemu-img behaviors and potentially expose data. Affected: Ironic before 26.0.1; Ironic (versions): =22.0.0 =23.1.0 =25.0.0 <26.0.1. Ironic-python-agent: =9...

4.3CVSS6.5AI score0.00545EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.8 views

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic versions prior to 26.0.1 and ironic-python-agent versions prior to 9.13.1, which stems from an issue ...

4.3CVSS6.2AI score0.00545EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.5 views

PT-2024-30939 · Openstack +3 · Openstack Ironic +4

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 26.0.1 Ironic-python-agent versions prior to 9.13.1 Description: The issue concerns a vulnerability in image processing, where a crafted image could be used by an authenticated user to exploit undesired...

4.3CVSS6.4AI score0.00545EPSS
Exploits0References21
OSV
OSV
added 2024/09/04 12:0 a.m.1 views

UBUNTU-CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS5.8AI score0.00545EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.21 views

RHEL 7 : openstack-ironic-inspector (RHSA-2019:1734)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1734 advisory. ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware...

9.1CVSS8.5AI score0.02464EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.16 views

RHEL 7 : openstack-ironic-inspector (RHSA-2019:2505)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2505 advisory. ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware...

9.1CVSS8.5AI score0.02464EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.22 views

RHEL 7 : openstack-ironic-inspector (RHSA-2019:1669)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1669 advisory. Nodes managed by Ironic may use the ironic-inspector auxiliary service to discover hardware properties. Hardware introspection or hardware properties...

9.1CVSS8.5AI score0.02464EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.18 views

RHEL 7 : openstack-ironic-inspector (RHSA-2019:1722)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1722 advisory. OpenStack Bare Metal ironic is a tool used to provision bare metal as opposed to virtual machines. It leverages common technologies such as PXE boot...

9.1CVSS8.6AI score0.02464EPSS
Exploits0References4
NVD
NVD
added 2023/08/25 9:15 p.m.33 views

CVE-2023-40585

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

7.5CVSS7.4AI score0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/25 8:31 p.m.31 views

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

7.3CVSS7.8AI score0.00367EPSS
Exploits0References2
OSV
OSV
added 2023/08/25 8:31 p.m.23 views

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

7.3CVSS7.5AI score0.00367EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.5 views

SUSE CVE-2015-7514

OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...

6.5CVSS6.7AI score0.01577EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 4:51 p.m.9 views

GHSA-C7FC-CM7P-92R2 Openstack ironic-inspector has SQL injection vulnerability in node_cache

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

8.3CVSS9AI score0.02464EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2022/05/24 4:51 p.m.19 views

Openstack ironic-inspector has SQL injection vulnerability in node_cache

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS7AI score0.02464EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2022/05/13 1:7 a.m.6 views

GHSA-F7CR-7C2C-FM8R OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5CVSS7.2AI score0.02836EPSS
Exploits0References14
OSV
OSV
added 2020/03/11 11:30 a.m.2 views

SUSE-SU-2020:0640-1 Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift

This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova,...

9.3CVSS7.5AI score0.07836EPSS
Exploits1References39
RedHat Linux
RedHat Linux
added 2019/08/15 4:2 p.m.55 views

Important: Red Hat Security Advisory: openstack-ironic-inspector security update

An update for openstack-ironic-inspector is now available for Red Hat OpenStack Platform 9.0 Mitaka director. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.5AI score0.02464EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/08/15 4:2 p.m.8 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

9.1CVSS5.8AI score0.02464EPSS
Exploits0References9
Rows per page
Query Builder