PT-2026-37211 · Openstack · Openstack Ironic
Dmitry Tantsur +1 · Published 2026-05-05 · Updated 2026-05-06
CVE-2026-42997
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenStack Ironic versions prior to 26.1.6
OpenStack Ironic versions prior to 29.0.5
OpenStack Ironic versions prior to 32.0.1
OpenStack Ironic versions prior to 35.0.1
Description
An issue in idrac allows a user invoking molds during import to request that authorization be sent to a remote endpoint. This can result in the forwarding of basic credentials configured for molds storage or a time-limited Keystone token, which grants access to all OpenStack services that Ironic is authorized to use.
Recommendations
Update to version 26.1.6.
Update to version 29.0.5.
Update to version 32.0.1.
Update to version 35.0.1.
Affected Products
Openstack Ironic