Search CVE reports
1 – 8 of 8 results
(OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-defa ...)
2 affected packages
ironic, openstack
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openstack | Not in release | Not in release | Not in release | — | — |
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Some fixes available 2 of 13
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img,...
2 affected packages
ironic, ironic-python-agent
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Fixed | Fixed | Ignored | Needs evaluation |
| ironic-python-agent | Needs evaluation | Needs evaluation | Not in release | Not in release | — |
Some fixes available 10 of 30
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...
5 affected packages
python-glance-store, python-os-brick, nova, ironic, cinder
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-glance-store | — | — | Fixed | Ignored | Ignored |
| python-os-brick | — | — | Fixed | Ignored | Ignored |
| nova | — | — | Fixed | Ignored | Ignored |
| ironic | — | — | Fixed | Ignored | Ignored |
| cinder | — | — | Fixed | Ignored | Ignored |
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function...
1 affected package
ironic-inspector
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic-inspector | Not affected | Not affected | Not affected | Not affected | Vulnerable |
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | — | — | — | — | Not affected |
Some fixes available 1 of 5
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | — | — | — | — | Not affected |