Ironic
by OpenStack
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-54421 | OpenStack / Ironic | Med | 0.44 | 6.8 | 0.00 | | Jun 14, 2026 | In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security… |
| CVE-2015-7514 | OpenStack / Ironic | Med | 0.42 | 6.5 | 0.02 | | Jun 7, 2017 | OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. |
| CVE-2026-48681 | OpenStack / Ironic | Med | 0.38 | 5.9 | 0.01 | | Jun 4, 2026 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. |
| CVE-2026-50589 | OpenStack / Ironic | Med | 0.34 | 5.3 | 0.00 | | Jun 5, 2026 | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash. |
| CVE-2026-46447 | OpenStack / Ironic | Med | 0.31 | 5.8 | 0.00 | | Jun 3, 2026 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. |
| CVE-2024-47211 | OpenStack / Ironic | Med | 0.28 | 5.3 | 0.01 | | Oct 4, 2024 | In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming. |
| CVE-2024-44082 | OpenStack / Ironic | Med | 0.28 | 4.3 | 0.01 | | Sep 6, 2024 | In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to… |
| CVE-2026-44917 | OpenStack / Ironic | Med | 0.25 | 4.9 | 0.00 | | Jun 4, 2026 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. |
| CVE-2026-44919 | OpenStack / Ironic | Med | 0.21 | 4.3 | 0.00 | | May 14, 2026 | In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL. |
| CVE-2026-44916 | OpenStack / Ironic | Low | 0.20 | 3.0 | 0.00 | | May 8, 2026 | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. |
| CVE-2025-44021 | OpenStack / Ironic | Low | 0.11 | 2.8 | 0.00 | | May 8, 2025 | OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be… |