PT-2024-32480 · Openstack+1 · Openstack Ironic+1
Julia Kreger
·
Published
2024-10-04
·
Updated
2024-11-05
·
CVE-2024-47211
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Ironic versions prior to 21.4.4
OpenStack Ironic versions 22.x through 23.x before 23.0.3
OpenStack Ironic versions 23.x through 24.x before 24.1.3
OpenStack Ironic versions 25.x through 26.x before 26.1.0
Description
The issue is related to a lack of checksum validation of supplied image source URLs when configured to convert images to a raw format for streaming. This affects the ability to ensure the integrity of the images being used.
Recommendations
For OpenStack Ironic versions prior to 21.4.4, update to version 21.4.4 or later.
For OpenStack Ironic versions 22.x through 23.x before 23.0.3, update to version 23.0.3 or later.
For OpenStack Ironic versions 23.x through 24.x before 24.1.3, update to version 24.1.3 or later.
For OpenStack Ironic versions 25.x through 26.x before 26.1.0, update to version 26.1.0 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Openstack Ironic