Lucene search
K

231 matches found

NVD
NVD
added 2023/08/25 9:15 p.m.33 views

CVE-2023-40585

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

7.5CVSS7.4AI score0.00367EPSS
Exploits0References2
OSV
OSV
added 2023/08/25 8:31 p.m.23 views

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

7.3CVSS7.5AI score0.00367EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/08/25 8:31 p.m.31 views

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

7.3CVSS7.8AI score0.00367EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.5 views

SUSE CVE-2015-7514

OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...

6.5CVSS6.7AI score0.01577EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 4:51 p.m.10 views

GHSA-C7FC-CM7P-92R2 Openstack ironic-inspector has SQL injection vulnerability in node_cache

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

8.3CVSS9AI score0.02464EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2022/05/24 4:51 p.m.19 views

Openstack ironic-inspector has SQL injection vulnerability in node_cache

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS7AI score0.02464EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2022/05/13 1:7 a.m.7 views

GHSA-F7CR-7C2C-FM8R OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5CVSS7.2AI score0.02836EPSS
Exploits0References14
OSV
OSV
added 2020/03/11 11:30 a.m.2 views

SUSE-SU-2020:0640-1 Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift

This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova,...

9.3CVSS7.5AI score0.07836EPSS
Exploits1References39
RedHat Linux
RedHat Linux
added 2019/08/15 4:2 p.m.55 views

Important: Red Hat Security Advisory: openstack-ironic-inspector security update

An update for openstack-ironic-inspector is now available for Red Hat OpenStack Platform 9.0 Mitaka director. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.5AI score0.02464EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/08/15 4:2 p.m.11 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

9.1CVSS5.8AI score0.02464EPSS
Exploits0References9
CNVD
CNVD
added 2019/08/05 12:0 a.m.6 views

openstack-ironic-inspector SQL Injection Vulnerability

openstack-ironic-inspector is a hardware inspection daemon. The program is mainly used to inspect the hardware properties of nodes managed by OpenStack Ironic. A SQL injection vulnerability exists in the 'nodecache.findnode' function in openstack-ironic-inspector. The vulnerability stems from a...

9.1CVSS8.1AI score0.02464EPSS
Exploits0References1
OSV
OSV
added 2019/07/30 5:15 p.m.4 views

DEBIAN-CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS7.2AI score0.02464EPSS
Exploits0References1
OSV
OSV
added 2019/07/30 5:15 p.m.4 views

UBUNTU-CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS7.3AI score0.02464EPSS
Exploits0References4
Prion
Prion
added 2019/07/30 5:15 p.m.19 views

Sql injection

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

6.4CVSS9AI score0.02464EPSS
Exploits0References7Affected Software2
UbuntuCve
UbuntuCve
added 2019/07/30 5:15 p.m.22 views

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS7.2AI score0.02464EPSS
Exploits0References3
PyPA
PyPA
added 2019/07/30 5:15 p.m.7 views

PYSEC-2019-152

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS7.2AI score0.02464EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2019/07/30 5:15 p.m.39 views

PYSEC-2019-152

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS2.3AI score0.02464EPSS
Exploits0References8
Cvelist
Cvelist
added 2019/07/30 4:22 p.m.44 views

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

8.3CVSS9.1AI score0.02464EPSS
Exploits0References7
CVE
CVE
added 2019/07/30 4:22 p.m.93 views

CVE-2019-10141

OpenStack Ironic Inspector (ironic-inspector) contains a SQL injection in node_cache.find_node() that uses unfiltered data from the /v1/continue POST. This API is unauthenticated, so an attacker with network access could exploit it to cause denial of service; data exfiltration is unlikely per the...

9.1CVSS8.8AI score0.02464EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2019/07/30 4:22 p.m.79 views

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS8.8AI score0.02464EPSS
Exploits0
Rows per page
Query Builder