VYPR
High severity · NVD Advisory · Published Jul 30, 2019 · Updated Aug 4, 2024

CVE-2019-10141

Description

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.
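
The failure mode described above, as an added example (not ironic-inspector's own code): a lookup that builds SQL text from reported values, next to the same lookup with bound parameters. The table layout, the names find_node_unsafe, find_node_safe and lookup_outcome, the sample rows and the use of in-memory SQLite are all assumptions made for illustration.

```python
import sqlite3

# Constructed value: an inspection report field containing a stray quote.
MALFORMED_MAC = "52:54:00:aa:bb'01"

def make_db():
    """In-memory stand-in for a node attribute table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attributes (name TEXT, value TEXT, node_uuid TEXT)")
    db.executemany("INSERT INTO attributes VALUES (?, ?, ?)", [
        ("mac", "52:54:00:aa:bb:01", "node-1"),
        ("mac", "52:54:00:aa:bb:02", "node-2"),
        ("bmc_address", "192.0.2.10", "node-1")])
    return db

def find_node_unsafe(db, **attrs):
    """'Before' pattern: reported values become part of the SQL text."""
    found = set()
    for name, values in attrs.items():
        clauses = " OR ".join("value = '%s'" % v for v in values)
        query = ("SELECT node_uuid FROM attributes "
                 "WHERE name = '%s' AND (%s)" % (name, clauses))
        found.update(row[0] for row in db.execute(query))
    return found

def find_node_safe(db, **attrs):
    """Hardened pattern: reported values are bound parameters, never SQL text."""
    found = set()
    for name, values in attrs.items():
        values = list(values)
        if not values:
            continue  # nothing reported for this attribute
        marks = ", ".join("?" for _ in values)
        query = ("SELECT node_uuid FROM attributes "
                 "WHERE name = ? AND value IN (%s)" % marks)
        found.update(row[0] for row in db.execute(query, [name, *values]))
    return found

def lookup_outcome(finder, db, **attrs):
    """Return ('ok', sorted uuids) or ('error', exception class name)."""
    try:
        return ("ok", sorted(finder(db, **attrs)))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)

if __name__ == "__main__":
    db = make_db()
    for finder in (find_node_unsafe, find_node_safe):
        print(finder.__name__, lookup_outcome(finder, db, mac=[MALFORMED_MAC]))
```

With the string-built query, a single malformed value aborts the lookup with a database error; with bound parameters the same value is compared as plain data and simply matches no node.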

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                   Affected versions     Patched versions
ironic-inspector (PyPI)   < 5.0.2               5.0.2
ironic-inspector (PyPI)   >= 5.1.0, < 6.0.3     6.0.3
ironic-inspector (PyPI)   >= 6.1.0, < 7.2.4     7.2.4
ironic-inspector (PyPI)   >= 8.0.0, < 8.0.3     8.0.3
ironic-inspector (PyPI)   >= 8.1.0, < 8.2.1     8.2.1
