Back

CVE-2024-44082

Sept. 6, 2024, 3:15 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

OpenStack Ironic

  • <21.4.3
  • >=22.0.0 <23.0.2
  • >=23.1.0 <24.1.2
  • >=25.0.0 <26.0.1

ironic-python-agent

  • <9.4.2
  • >=9.5.0 <9.7.1
  • >=9.8.0 <9.11.1
  • >=9.12.0 <9.13.1

Source

cve@mitre.org

Tags

cve@mitre.org
2024-09-06
CVE-2024-44082

CVE-2024-44082 details

Published : Sept. 6, 2024, 1:15 a.m.
Last Modified : Sept. 6, 2024, 3:15 p.m.

Description

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://bugs.launchpad.net/ironic/+bug/2071740 cve@mitre.org
https://security.openstack.org/ossa/OSSA-2024-003.html cve@mitre.org
https://www.openwall.com/lists/oss-security/2024/09/04/4 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.