{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-44082", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-06T18:45:17.902Z", "dateReserved": "2024-08-19T00:00:00", "datePublished": "2024-09-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-06T14:40:36.098628"}, "descriptions": [{"lang": "en", "value": "In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.launchpad.net/ironic/+bug/2071740"}, {"url": "https://www.openwall.com/lists/oss-security/2024/09/04/4"}, {"url": "https://security.openstack.org/ossa/OSSA-2024-003.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T13:24:10.861505Z", "id": "CVE-2024-44082", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T18:45:17.902Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-44082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T13:24:10.861505Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T13:24:17.341Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bugs.launchpad.net/ironic/+bug/2071740"}, {"url": "https://www.openwall.com/lists/oss-security/2024/09/04/4"}, {"url": "https://security.openstack.org/ossa/OSSA-2024-003.html"}], "descriptions": [{"lang": "en", "value": "In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-06T14:40:36.098628"}}}, "cveMetadata": {"cveId": "CVE-2024-44082", "state": "PUBLISHED", "dateUpdated": "2024-11-06T18:45:17.902Z", "dateReserved": "2024-08-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-09-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1."}, {"lang": "es", "value": "En OpenStack Ironic anterior a la versi\u00f3n 26.0.1 y en ironic-python-agent anterior a la versi\u00f3n 9.13.1, existe una vulnerabilidad en el procesamiento de im\u00e1genes, en la que un usuario autenticado podr\u00eda utilizar una imagen creada para explotar comportamientos no deseados en qemu-img, incluido un posible acceso no autorizado a datos potencialmente confidenciales. Los detalles de la versi\u00f3n afectada/corregida son: Ironic: &lt;21.4.3, &gt;=22.0.0 &lt;23.0.2, &gt;=23.1.0 &lt;24.1.2, &gt;=25.0.0 &lt;26.0.1; Ironic-python-agent: &lt;9.4.2, &gt;=9.5.0 &lt;9.7.1, &gt;=9.8.0 &lt;9.11.1, &gt;=9.12.0 &lt;9.13.1."}], "id": "CVE-2024-44082", "lastModified": "2024-11-07T08:35:04.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-06T01:15:11.150", "references": [{"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ironic/+bug/2071740"}, {"source": "cve@mitre.org", "url": "https://security.openstack.org/ossa/OSSA-2024-003.html"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2024/09/04/4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Dan Smith (Red Hat), Jay Faulkner (G-Research), and Julia Kreger (Red Hat).", "affected_release": [{"advisory": "RHSA-2024:8694", "cpe": "cpe:/a:redhat:openshift_ironic:4.12::el9", "package": "openstack-ironic-1:21.0.1-0.20240913135525.114badc.el9", "product_name": "Ironic content for Red Hat OpenShift Container Platform 4.12", "release_date": "2024-11-07T00:00:00Z"}, {"advisory": "RHSA-2024:7941", "cpe": "cpe:/a:redhat:openshift_ironic:4.13::el9", "package": "openstack-ironic-1:21.3.1-0.20240911165036.c0d61d0.el9", "product_name": "Ironic content for Red Hat OpenShift Container Platform 4.13", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8235", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4/ose-ironic-rhel9:v4.14.0-202410111109.p0.g0b1212c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-10-23T00:00:00Z"}, {"advisory": "RHSA-2024:7594", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-ironic-rhel9:v4.15.0-202410011835.p0.gcff728e.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-10-09T00:00:00Z"}, {"advisory": "RHSA-2024:7174", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ironic-rhel9:v4.16.0-202409202304.p0.gdd19aa0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-10-02T00:00:00Z"}], "bugzilla": {"description": "openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data", "id": "2309331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309331"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.", "A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-44082", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Out of support scope", "package_name": "openstack-ironic", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "openstack-ironic", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "openstack-ironic", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "openstack-ironic", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2024-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-44082\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44082"], "statement": "This vulnerability in OpenStack Ironic is of high severity because it enables an authenticated user to craft malicious images that exploit the image format detection process. Since qemu-img automatically loads all image drivers to inspect the input data, an attacker can leverage unsafe features within certain image formats to trigger unexpected behaviors, including unauthorized access to sensitive memory or data leakage. The exposure of potentially sensitive data and the ability to exploit the image processing pipeline pose high risks to system integrity, particularly in environments like OpenStack Ironic, where bare-metal provisioning demands secure and precise control of image operations.", "threat_severity": "Important"}