PT-2023-27521 · Ironic +2 · Ironic +2

Name of the Vulnerable Software and Affected Versions: ironic-image versions prior to capm3-v1.4.3 Description: The issue arises when Ironic is not deployed with TLS and does not have API and Conductor split into separate services, resulting in unprotected access to the API. By default, Ironic AP...

Metal3 Ironic Container 访问控制错误漏洞

The Metal3 Ironic Container is the file required to build Ironic images used by Metal3. An access control error vulnerability exists in Metal3 Ironic Container versions prior to capm3-v1.4.3, which stems from a vulnerability that allows an unauthenticated attacker to access Ironic APIs that are n...