Search Results (15 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54423 1 Openstack 1 Ironic 2026-07-09 6.5 Medium
A malicious user with access to deploy a node directly via Ironic can specify the IPMI send_raw deployment step with a malicious payload and send commands to that nodes' BMC. IPMI send_raw capability is exposed multiple ways, including via VendorPassthru interfaces (restricted to system admin) and other step based flows such as cleaning or servicing. This also means any malicious user with the ability to initiate manual cleaning and servicing flows with arbitrary steps can also execute this vulnerability.
CVE-2026-54421 1 Openstack 1 Ironic 2026-06-16 6.8 Medium
In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security issue.
CVE-2026-50589 1 Openstack 1 Ironic 2026-06-16 5.3 Medium
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
CVE-2026-46447 1 Openstack 1 Ironic 2026-06-15 5.8 Medium
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
CVE-2026-48681 1 Openstack 1 Ironic 2026-06-04 5.9 Medium
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
CVE-2026-44917 1 Openstack 1 Ironic 2026-06-04 4.9 Medium
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
CVE-2026-44919 1 Openstack 1 Ironic 2026-05-20 4.3 Medium
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
CVE-2026-42510 1 Openstack 1 Ironic 2026-05-20 6.6 Medium
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
CVE-2026-44916 1 Openstack 1 Ironic 2026-05-20 3 Low
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
CVE-2026-42997 1 Openstack 1 Ironic 2026-05-06 7.7 High
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.
CVE-2026-43003 1 Openstack 2 Ironic-python-agent, Ironic Python Agent 2026-05-04 8 High
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
CVE-2025-44021 1 Openstack 1 Ironic 2026-04-15 2.8 Low
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1.
CVE-2015-7514 1 Openstack 1 Ironic 2025-04-20 N/A
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
CVE-2015-5306 2 Openstack, Redhat 3 Ironic Inspector, Openstack, Openstack-director 2025-04-12 N/A
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
CVE-2019-10141 2 Openstack, Redhat 4 Ironic-inspector, Enterprise Linux, Openstack and 1 more 2024-11-21 N/A
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.