49 matches found
EUVD-2019-0067
Malware in sbrugna...
EUVD-2015-0025
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in...
RHSA-2019:2505 Red Hat Security Advisory: openstack-ironic-inspector security update
Bulletin has no description...
RHSA-2019:1734 Red Hat Security Advisory: openstack-ironic-inspector security update
Bulletin has no description...
RHSA-2019:1669 Red Hat Security Advisory: openstack-ironic-inspector security update
Bulletin has no description...
RHSA-2019:1722 Red Hat Security Advisory: openstack-ironic-inspector security update
Bulletin has no description...
RHEL 7 : openstack-ironic-inspector (RHSA-2019:1734)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1734 advisory. ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware...
RHEL 7 : openstack-ironic-inspector (RHSA-2019:1669)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1669 advisory. Nodes managed by Ironic may use the ironic-inspector auxiliary service to discover hardware properties. Hardware introspection or hardware properties...
RHEL 7 : openstack-ironic-inspector (RHSA-2019:2505)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2505 advisory. ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware...
RHEL 7 : openstack-ironic-inspector (RHSA-2019:1722)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1722 advisory. OpenStack Bare Metal ironic is a tool used to provision bare metal as opposed to virtual machines. It leverages common technologies such as PXE boot...
Improper Authorization
github.com/metal3-io/baremetal-operator is vulnerable to Improper Authorization. The .htpasswd files that Ironic and Ironic-inspector store as ConfigMaps rather than secrets when they are installed within Baremetal Operator using the deploy.sh file that is supplied. Anyone with access to the...
CVE-2023-30841
A flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store .htpasswd files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone havi...
Ironic and ironic-inspector may expose as ConfigMaps
Impact Ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management...
GHSA-9WH7-397J-722M Ironic and ironic-inspector may expose as ConfigMaps
Impact Ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management...
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
Openstack ironic-inspector has SQL injection vulnerability in node_cache
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...
GHSA-C7FC-CM7P-92R2 Openstack ironic-inspector has SQL injection vulnerability in node_cache
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...
The vulnerability of the node_cache.find_node() function in the Ironic Inspector daemon, a hardware self-analysis tool for the OpenStack cloud service creation platform, allows a malicious actor to trigger a service failure.
The vulnerability of the nodecache.findnode function in the Ironic Inspector hardware self-analysis daemon of the OpenStack SDN platform is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow a malicious actor to cause service...
openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...