8 matches found
CVE-2023-40585
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
Metal3 Ironic Container 安全漏洞
The Metal3 Ironic Container is a file required to build Ironic images used by Metal3. A security vulnerability exists in Metal3 Ironic Container versions prior to 24.1.0, which stems from a vulnerability that allows an unauthenticated attacker to gain local access to the Ironic API...
CVE-2023-40585
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
Authentication flaw
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
CVE-2023-40585 Unauthenticated access to Ironic API
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
DEBIAN-CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...