openstack-ironic-inspector is vulnerable to SQL injection. An attacker could exploit a flaw in openstack-ironic-inspector's node_cache.find_node() function by passing malicious data over a network on which ironic-inspector is listening, leading to denial-of-service conditions.
access.redhat.com/errata/RHSA-2019:1669
access.redhat.com/errata/RHSA-2019:2505
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1712027
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141
docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata
docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike
docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens
docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky
docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein