9 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-45147

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.0013
Exploits: 0, References: 2

OSV
added 2024/09/04 4:4 p.m., 0 views

USN-6989-1 ironic vulnerability

Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

CVSS 4.3, AI score 5.8, EPSS 0.00274
Exploits: 0, References: 2

RedHat Linux
added 2024/05/23 6:10 p.m., 36 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 7.5, AI score 7.1, EPSS 0.64852
Exploits: 1, References: 16

RedHat Linux
added 2024/05/02 2:23 p.m., 34 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.11 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS 7.5, AI score 7, EPSS 0.64852
Exploits: 1, References: 38

Vulnrichment
added 2024/04/17 3:21 p.m., 13 views

CVE-2024-31463 Ironic-image allows unauthenticated local access to Ironic API

Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, 1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself and 2)...

CVSS 4.7, AI score 6.4, EPSS 0.00038
Exploits: 0, References: 3

Cvelist
added 2024/04/17 3:21 p.m., 12 views

CVE-2024-31463 Ironic-image allows unauthenticated local access to Ironic API

Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, 1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself and 2)...

CVSS 4.7, AI score 4.8, EPSS 0.00038
Exploits: 0, References: 3

Positive Technologies
added 2024/04/17 12:0 a.m., 2 views

PT-2024-24094 · Openstack · Ironic-Image

Name of the Vulnerable Software and Affected Versions: Ironic-image versions prior to 24.1.1
Description: The issue affects Ironic-image, an OpenStack Ironic deployment packaged and configured by Metal3, when the reverse proxy mode is enabled by setting the IRONIC_REVERSE_PROXY_SETUP variable to...

CVSS 4.7, AI score 5, EPSS 0.00038
Exploits: 0, References: 7

OSV
added 2023/08/25 8:31 p.m., 13 views

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

CVSS 7.3, AI score 7.5, EPSS 0.0013
Exploits: 0, References: 4

CVE
added 2023/08/25 8:31 p.m., 2489 views

CVE-2023-40585

CVE-2023-40585 affects the Metal³ ironic-image container used to run OpenStack Ironic. Prior to capm3-v1.4.3, if TLS is not used and API/Conductor aren’t split, the Ironic API can be accessed without authentication over the host network. The vulnerability description notes that the API is otherwi...

CVSS 7.5, AI score 7.4, EPSS 0.0013
Exploits: 0, References: 2, Affected Software: 1