Search CVE reports
1 – 10 of 15 results
[Unknown description]
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
[Unknown description]
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
[Unknown description]
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case...
1 affected package
ironic-python-agent
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic-python-agent | Needs evaluation | Needs evaluation | Not in release | — | — |
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
2 affected packages
ironic, openstack
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openstack | Not in release | Not in release | Not in release | — | — |
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images...
1 affected package
ironic
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ironic | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |