OpenStack vulnerability

2024-09-0400:00:00

ubuntu.com

openstack

ironic

image processing

vulnerability

ubuntu 24.04 lts

ubuntu 22.04 lts

unauthorized access

sensitive data

AI Score

6.7

Confidence

Low

EPSS

Percentile

16.3%

JSON

Releases

Ubuntu 24.04 LTS
Ubuntu 22.04 LTS

Packages

ironic - Openstack bare metal provisioning service - API

Details

Dan Smith, Julia Kreger and Jay Faulkner discovered that in
image processing for Ironic, a specially crafted image
could be used by an authenticated user to exploit undesired behaviors
in qemu-img, including possible unauthorized access to potentially
sensitive data.

OSVersionArchitecturePackageVersionFilename
Ubuntu24.04noarchpython3-ironic< 1:24.1.1-0ubuntu1.2UNKNOWN
Ubuntu24.04noarchironic-api< 1:24.1.1-0ubuntu1.2UNKNOWN
Ubuntu24.04noarchironic-common< 1:24.1.1-0ubuntu1.2UNKNOWN
Ubuntu24.04noarchironic-conductor< 1:24.1.1-0ubuntu1.2UNKNOWN
Ubuntu22.04noarchpython3-ironic< 1:20.1.0-0ubuntu1.2UNKNOWN
Ubuntu22.04noarchironic-api< 1:20.1.0-0ubuntu1.2UNKNOWN
Ubuntu22.04noarchironic-common< 1:20.1.0-0ubuntu1.2UNKNOWN
Ubuntu22.04noarchironic-conductor< 1:20.1.0-0ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	24.04	noarch	python3-ironic	< 1:24.1.1-0ubuntu1.2	UNKNOWN
Ubuntu	24.04	noarch	ironic-api	< 1:24.1.1-0ubuntu1.2	UNKNOWN
Ubuntu	24.04	noarch	ironic-common	< 1:24.1.1-0ubuntu1.2	UNKNOWN
Ubuntu	24.04	noarch	ironic-conductor	< 1:24.1.1-0ubuntu1.2	UNKNOWN
Ubuntu	22.04	noarch	python3-ironic	< 1:20.1.0-0ubuntu1.2	UNKNOWN
Ubuntu	22.04	noarch	ironic-api	< 1:20.1.0-0ubuntu1.2	UNKNOWN
Ubuntu	22.04	noarch	ironic-common	< 1:20.1.0-0ubuntu1.2	UNKNOWN
Ubuntu	22.04	noarch	ironic-conductor	< 1:20.1.0-0ubuntu1.2	UNKNOWN