UBUNTU-CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

PT-2025-20397 · Openstack +1 · Openstack Ironic +1

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 24.1.3 OpenStack Ironic versions prior to 26.1.1 OpenStack Ironic versions prior to 29.0.1 Description: The issue allows a malicious project assigned as a node owner to provide a path to any local file...

CVE-2025-44021

OpenStack Ironic prior to 29.0.1 is vulnerable to a local-file write during image handling when a deployment is performed via the API. A malicious project assigned as a node owner can supply a path to a local file (readable by ironic-conductor), which may then be written to the target node’s disk...

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic versions prior to 29.0.1, which stems from an unexpected file that may be written to the target node...

CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

RHSA-2025:4187 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update

Bulletin has no description...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update

An update for python-django is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-django) (RHSA-2025:4187)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:4187 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...

RHEL 7 : python-django-horizon (RHSA-2016:1269)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1269 advisory. OpenStack Dashboard Horizon provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources...

RHEL 7 : openstack-neutron (RHSA-2014:1942)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1942 advisory. OpenStack Networking neutron is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...

RHEL 7 : Red Hat OpenStack Platform director (RHSA-2017:1504)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1504 advisory. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud...

RHEL 6 : openstack-neutron (RHSA-2014:1078)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1078 advisory. OpenStack Networking Neutron is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...

RHEL 6 : openstack-glance (RHSA-2013:1525)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1525 advisory. The openstack-glance packages provide a service code name Glance that acts as a registry for virtual machine images. A flaw was found in the Glance...

RHEL 6 : openstack-glance (RHSA-2013:0209)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0209 advisory. These packages provide a service code name Glance that acts as a registry for virtual machine images. It was found that when the OpenStack Glance...

RHEL 6 : openstack-keystone (RHSA-2013:1083)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1083 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...

RHEL 7 : openstack-nova (RHSA-2016:0364)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0364 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 6 : openstack-packstack (RHSA-2013:0595)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0595 advisory. PackStack is a command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH...

RHEL 6 / 7 : openstack-swift (RHSA-2015:1684)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1684 advisory. OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The...