7799 matches found
PT-2025-20397 · Openstack +1 · Openstack Ironic +1
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 24.1.3; OpenStack Ironic versions prior to 26.1.1; OpenStack Ironic versions prior to 29.0.1. Description: The issue allows a malicious project assigned as a node owner to provide a path to any local file...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
RHSA-2025:4187 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update
An update for python-django is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 9 : Red Hat OpenStack Platform 17.1 (python-django) (RHSA-2025:4187)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:4187 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...
RHEL 7 : Red Hat OpenStack Platform director (RHSA-2017:1504)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1504 advisory. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud...
RHEL 7 : openstack-neutron (RHSA-2014:1942)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1942 advisory. OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...
RHEL 7 : openstack-glance (RHSA-2016:0309)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0309 advisory. OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability t...
RHEL 6 : python-keystoneclient (RHSA-2013:0944)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0944 advisory. Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw in Keystone allowed an...
RHEL 7 : openstack-ironic-discoverd (RHSA-2015:1929)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1929 advisory. Ironic provides bare metal provisioning for OpenStack nodes. It was discovered that enabling debug mode in openstack-ironic-discoverd also enables...
RHEL 7 : redhat-access-plugin-openstack (RHSA-2015:0645)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:0645 advisory. The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription...
RHEL 6 : openstack-neutron (RHSA-2014:1078)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1078 advisory. OpenStack Networking (Neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...
RHEL 6 : openstack-keystone (RHSA-2013:1083)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1083 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...
RHEL 6 : openstack-nova (RHSA-2014:0366)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0366 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform...
RHEL 7 : python-django-horizon (RHSA-2016:1269)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1269 advisory. OpenStack Dashboard (Horizon) provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources...
RHEL 6 / 7 : openstack-swift (RHSA-2015:1684)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1684 advisory. OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The...
RHEL 6 : openstack-neutron (RHSA-2014:0899)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0899 advisory. The openstack-neutron packages provide OpenStack Networking (neutron), the virtual network service. OpenStack Networking (neutron) is a pluggabl...
RHEL 6 : openstack-packstack (RHSA-2014:0233)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0233 advisory. PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection...
RHEL 6 : openstack-glance (RHSA-2013:1525)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1525 advisory. The openstack-glance packages provide a service (code name Glance) that acts as a registry for virtual machine images. A flaw was found in the Glance...