Divius

**Name of the Vulnerable Software and Affected Versions** OpenStack Ironic versions prior to 35.0.2 **Description** When applying a PATCH request to update fields in volume properties for which a user is authorized, the system may return unredacted sensitive information, such as iSCSI credentials. This issue specifically occurs during the PATCH operation, whereas the POST operation does not result in this disclosure. **Recommendations** Update to version 35.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** OpenStack Ironic versions 32 through 35.0.1 **Description** An unauthenticated malicious user can cause a service crash by submitting a crafted JSON string to certain endpoints on the API or JSON-RPC service. **Recommendations** Update OpenStack Ironic to a version later than 35.0.1.

**Name of the Vulnerable Software and Affected Versions** OpenStack Ironic versions prior to 35.0.1 **Description** In a non-default configuration that includes a console interface, the software allows the execution of ipmitool, a utility used to manage and configure Intelligent Platform Management Interface (IPMI) devices. **Recommendations** Update to version 35.0.1.