7743 matches found
CVE-2024-31463
A vulnerability was found in Ironic-image. This issue occurs when setting IRONIC_REVERSE_PROXY_SETUP to 'true', which may allow unauthenticated local access to the Ironic API private port. Mitigation: Below are two mitigations for this vulnerability: 1. Switch to using unix...
CVE-2024-31463
Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, 1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself and 2)...
CVE-2024-31463
The CVE-2024-31463 entry concerns Ironic-image in reverse proxy mode. When IRONIC_REVERSE_PROXY_SETUP is true, HTTP basic creds are validated in the HTTPD container and Ironic listens on a private port (6388) on localhost, enabling unauthenticated access to the Ironic API for pods/local users on ...
CVE-2024-31463 Ironic-image allows unauthenticated local access to Ironic API
Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, 1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself and 2)...
SUSE CVE-2024-28718
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component...
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component...
GHSA-JX7X-9R98-H5XR OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component...
CVE-2024-28718
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component...
UBUNTU-CVE-2024-28718
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component...
OpenStack security vulnerability
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). A security vulnerability exists in the OpenStack magnum yoga-eom version that stems from allowing remote attackers to execute arbitrary code via the cert_manager.py component...
PT-2024-22538 · Openstack · Openstack Magnum
Name of the Vulnerable Software and Affected Versions: OpenStack magnum yoga-eom version (affected versions not specified). Description: An issue in the software allows a remote attacker to execute arbitrary code via the cert_manager.py component. Recommendations: At the moment, there is no...
CVE-2024-28718
CVE-2024-28718 affects the OpenStack Magnum yoga-eom release. A vulnerability in the cert_manager.py component allows a remote attacker to execute arbitrary code, described as a remote code execution issue. Multiple connected sources characterize this as a high-severity flaw (CVSS v3.1: 9.8, Netw...
ROS-20240409-13
A vulnerability in the python-eventlet library of the OpenStack Platform cloud building platform is related to incorrect resource sweeping or freeing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
OESA-2024-1330 python-yaql security update
YAQL (Yet Another Query Language) is an embeddable and extensible query language that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extended even further with user-specified functions. YA...