CVE-2024-44082
Sept. 6, 2024, 3:15 p.m.
Tags
Product(s) Impacted
OpenStack Ironic
- <21.4.3
- >=22.0.0 <23.0.2
- >=23.1.0 <24.1.2
- >=25.0.0 <26.0.1
ironic-python-agent
- <9.4.2
- >=9.5.0 <9.7.1
- >=9.8.0 <9.11.1
- >=9.12.0 <9.13.1
Description
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
Weaknesses
Date
Published: Sept. 6, 2024, 1:15 a.m.
Last Modified: Sept. 6, 2024, 3:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://bugs.launchpad.net/
cve@mitre.org
https://security.openstack.org/
cve@mitre.org
https://www.openwall.com/
cve@mitre.org