234 matches found
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-44918
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...
EUVD-2026-42781
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-54423
OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
EUVD-2026-42777
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...
CVE-2026-44918
OpenStack Ironic (up to 37.0.1) allows an authenticated project manager to create/modify nodes across projects without authorization, potentially misconfiguring which project owns a node and exposing secrets stored in volume connectors/targets. Red Hat notes a specific flaw where a manager can re...
CVE-2026-44918
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...
CVE-2026-44918
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...
CVE-2026-50589
A flaw was found in OpenStack Ironic. An unauthenticated malicious user could exploit this vulnerability by submitting a specially crafted JSON JavaScript Object Notation string to certain API Application Programming Interface or JSON-RPC Remote Procedure Call service endpoints. This could lead t...
CVE-2026-54421
A flaw was found in OpenStack Ironic. When an authorized user applies a PATCH operation to update volume properties, the system can inadvertently expose sensitive information, such as iSCSI credentials. This information disclosure vulnerability allows an attacker to gain access to credentials tha...
CVE-2026-54421
In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...
EUVD-2026-36658
In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...
CVE-2026-54421
In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...
CVE-2026-54421
In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...
CVE-2026-54421
In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...
CVE-2026-54421
CVE-2026-54421 affects OpenStack Ironic (through 35.0.1). A PATCH to update fields in volume properties, restricted to the user’s permissions, can disclose unredacted sensitive information (e.g., iSCSI credentials). The PATCH outcome is identified as a security issue; the POST outcome is not. Thi...
PT-2026-49105
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description When applying a PATCH request to update fields in volume properties for which a user is authorized, the system may return unredacted sensitive information, such as iSCSI credentials. This...
Linux Distros Unpatched Vulnerability : CVE-2026-54421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensiti...