In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
History

Thu, 07 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_ironic:4.12::el9

Thu, 07 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Thu, 24 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9

Thu, 17 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Ironic
CPEs cpe:/a:redhat:openshift_ironic:4.13::el9
Vendors & Products Redhat openshift Ironic

Thu, 10 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el9

Wed, 02 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat openshift
CPEs cpe:/a:redhat:openshift:4.16::el9
Vendors & Products Redhat
Redhat openshift

Fri, 06 Sep 2024 17:15:00 +0000

Type Values Removed Values Added
Title openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data
Weaknesses CWE-200
References
Metrics threat_severity

None

cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

threat_severity

Important


Fri, 06 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
References

Fri, 06 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 01:00:00 +0000

Type Values Removed Values Added
Description In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-06T00:00:00

Updated: 2024-11-06T18:45:17.902Z

Reserved: 2024-08-19T00:00:00

Link: CVE-2024-44082

cve-icon Vulnrichment

Updated: 2024-09-06T13:24:17.341Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-06T01:15:11.150

Modified: 2024-11-07T08:35:04.653

Link: CVE-2024-44082

cve-icon Redhat

Severity : Important

Publid Date: 2024-09-04T00:00:00Z

Links: CVE-2024-44082 - Bugzilla