Lucene search
K

7 matches found

Veracode
Veracode
added 2025/05/14 5:47 a.m.9 views

Arbitrary File Write

Ironic is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of user-supplied file paths during image deployment via the API, allowing attackers to write unintended files to the target node disk...

2.8CVSS6.7AI score0.00149EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/09 5:20 a.m.10 views

CVE-2025-44021

A flaw was found in Ironic. It did not filter file:// paths when used as an image source except to ensure they were a file. This issue could cause config files from well-known paths to be written to disk on a node. Mitigation Currently, no mitigation is available for this vulnerability...

5.4CVSS6.5AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2025/05/08 5:16 p.m.32 views

CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

2.8CVSS0.00149EPSS
Exploits0References3
CVE
CVE
added 2025/05/08 12:0 a.m.85 views

CVE-2025-44021

OpenStack Ironic prior to 29.0.1 is vulnerable to a local-file write during image handling when a deployment is performed via the API. A malicious project assigned as a node owner can supply a path to a local file (readable by ironic-conductor), which may then be written to the target node’s disk...

2.8CVSS3.8AI score0.00149EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/08 12:0 a.m.26 views

CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

2.8CVSS0.00149EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/05/08 12:0 a.m.9 views

CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

2.8CVSS5.6AI score0.00149EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/22 12:0 a.m.17 views

RHEL 9 : Red Hat OpenStack Platform 18.0.4 (openstack-ironic) (RHSA-2025:0439)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0439 advisory. Ironic is a project which aims to provision bare metal as opposed to virtual machines by leveraging common technologies such as PXE boot and IPMI to...

5.3CVSS6.5AI score0.00662EPSS
Exploits0References5
Rows per page
Query Builder