6.8
CVE-2026-54421
- EPSS 0.29%
- Veröffentlicht 14.06.2026 03:49:37
- Zuletzt bearbeitet 16.06.2026 15:51:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security issue.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerOpenStack
≫
Produkt
Ironic
Default Statusunaffected
Version
17.0.0
Version <
29.0.6
Status
affected
Version
30.0.0
Version <
32.0.2
Status
affected
Version
33.0.0
Version <
35.0.2
Status
affected
Version
36.0.0
Version <
37.0.1
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.205 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
|
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
https://bugs.launchpad.net/ironic/+bug/2155049