PT-2025-20397 · Openstack · Openstack Ironic
Julia Kreger · Published 2025-05-08 · Updated 2025-05-08
·
CVE-2025-44021
CVSS v3.1: 2.8 (Low)
| Vector | AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Ironic versions prior to 24.1.3
OpenStack Ironic versions prior to 26.1.1
OpenStack Ironic versions prior to 29.0.1
Description
The issue allows a malicious project assigned as a node owner to supply a path to any local file readable by ironic-conductor; that file may then be written to the target node's disk during image handling via the API. This is particularly dangerous in environments with non-default, insecure configurations, such as those with automated cleaning disabled.
Recommendations
For versions prior to 24.1.3, update to version 24.1.3 or later.
For versions prior to 26.1.1, update to version 26.1.1 or later.
For versions prior to 29.0.1, update to version 29.0.1 or later.
As a temporary workaround, consider restricting access to the ironic-conductor service to minimize the risk of exploitation.
Fix
Path traversal
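The weakness behind this advisory is a missing check that a caller-supplied local path stays inside an allowed image directory. The following is an added illustration of such a check, written for this page and not taken from Ironic's code; the root directory `/var/lib/ironic/images` and the function names are assumptions made for the example.

```python
from pathlib import Path, PurePosixPath
from typing import Optional

# Assumed, constructed for this example: the only directory from which a
# conductor should ever read a locally stored image.
ALLOWED_IMAGE_ROOT = "/var/lib/ironic/images"


def resolve_local_image(user_path: str,
                        allowed_root: str = ALLOWED_IMAGE_ROOT) -> Optional[Path]:
    """Return the resolved file path if it stays under allowed_root, else None.

    Rejects absolute input, '..' traversal and symlinks that escape the root,
    so that a node owner cannot name arbitrary files readable by the service.
    """
    root = Path(allowed_root).resolve()

    # A caller may only name a file relative to the image root; an absolute
    # path such as "/etc/shadow" is refused before any joining takes place.
    if PurePosixPath(user_path).is_absolute():
        return None

    # resolve() collapses '..' components and follows symlinks, so the
    # containment test below sees the real target, not the spelled path.
    candidate = (root / user_path).resolve()

    # The root itself is a directory, not an image; anything else must have
    # the root among its parent directories.
    if candidate == root or root not in candidate.parents:
        return None
    return candidate


def is_local_image_allowed(user_path: str,
                           allowed_root: str = ALLOWED_IMAGE_ROOT) -> bool:
    """Boolean wrapper used by the sample checks below."""
    return resolve_local_image(user_path, allowed_root) is not None


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate image name, three escapes.
    for p in ["ubuntu/disk.qcow2", "../../../../etc/passwd", "/etc/shadow", ""]:
        print(f"{p!r:32} allowed={is_local_image_allowed(p)}")
```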
Affected Products
Debian
Openstack Ironic