Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/16 2:33 p.m.7 views

CVE-2026-54421

A flaw was found in OpenStack Ironic. When an authorized user applies a PATCH operation to update volume properties, the system can inadvertently expose sensitive information, such as iSCSI credentials. This information disclosure vulnerability allows an attacker to gain access to credentials tha...

6.8CVSS4.9AI score0.00291EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.6 views

SUSE CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References3
NVD
NVD
added 2026/06/14 4:16 a.m.15 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/06/14 4:16 a.m.5 views

UBUNTU-CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/14 3:49 a.m.12 views

EUVD-2026-36658

In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.3AI score0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/06/14 3:49 a.m.34 views

CVE-2026-54421

CVE-2026-54421 affects OpenStack Ironic (through 35.0.1). A PATCH to update fields in volume properties, restricted to the user’s permissions, can disclose unredacted sensitive information (e.g., iSCSI credentials). The PATCH outcome is identified as a security issue; the POST outcome is not. Thi...

6.8CVSS5.2AI score0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/14 3:49 a.m.8 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.2AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.19 views

PT-2026-49105

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description When applying a PATCH request to update fields in volume properties for which a user is authorized, the system may return unredacted sensitive information, such as iSCSI credentials. This...

6.8CVSS5.9AI score0.00291EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensiti...

6.8CVSS5.9AI score0.00291EPSS
Exploits0References3
Rows per page
Query Builder