CVE-2025-44021
- EPSS 0.01%
- Published 08.05.2025 00:00:00
- Last modified 12.05.2025 17:32:52
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-c...
CVE-2024-47211
- EPSS 0.37%
- Published 04.10.2024 18:15:08
- Last modified 21.11.2024 09:39:31
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for s...
CVE-2024-44082
- EPSS 0.12%
- Published 06.09.2024 01:15:11
- Last modified 07.11.2024 08:35:04
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unau...
CVE-2015-7514
- EPSS 0.19%
- Published 07.06.2017 14:29:00
- Last modified 20.04.2025 01:37:25
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.