7 matches found
Arbitrary File Write
Ironic is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of user-supplied file paths during image deployment via the API, allowing attackers to write unintended files to the target node disk...
CVE-2025-44021
A flaw was found in Ironic. It did not filter file:// paths when used as an image source except to ensure they were a file. This issue could cause config files from well-known paths to be written to disk on a node. Mitigation Currently, no mitigation is available for this vulnerability...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-44021
OpenStack Ironic prior to 29.0.1 is vulnerable to a local-file write during image handling when a deployment is performed via the API. A malicious project assigned as a node owner can supply a path to a local file (readable by ironic-conductor), which may then be written to the target node’s disk...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
RHEL 9 : Red Hat OpenStack Platform 18.0.4 (openstack-ironic) (RHSA-2025:0439)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0439 advisory. Ironic is a project which aims to provision bare metal as opposed to virtual machines by leveraging common technologies such as PXE boot and IPMI to...