Search CVE reports
1 – 10 of 16 results
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
[Unknown description]
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
[Unknown description]
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
[Unknown description]
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case...
1 affected package
ironic-python-agent
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic-python-agent | Needs evaluation | Needs evaluation | Not in release | — | — |
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
2 affected packages
ironic, openstack
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openstack | Not in release | Not in release | Not in release | — | — |
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |