ironic 13.0.7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the ironic package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Directory Traversal ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Directory Traversal via the handling of `file://` image URLs during the deployment process. An attacker can write, list, view, edit, create, or delete unintended files to a target node disk by providing a path to any local file that is readable by the ironic-conductor. This is only exploitable if the environment is running with non-default, insecure configurations such as with automated cleaning disabled. How to fix Directory Traversal? Upgrade `ironic` to version 24.1.4, 26.1.2, 29.0.2 or higher.	[,24.1.4)[25.0.0,26.1.2)[27.0.0,29.0.2)
H Improper Validation of Integrity Check Value ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due missing validations of checksum files of supplied `image_source` URLs, before the raw format conversion. How to fix Improper Validation of Integrity Check Value? Upgrade `ironic` to version 21.4.4, 23.0.3, 24.1.3, 26.1.1 or higher.	[,21.4.4)[22.0.0,23.0.3)[23.1.0,24.1.3)[25.0.0,26.1.1)
H Information Exposure ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Information Exposure via the image processing in `qemu-img`. Note: This is exploitable only for authenticated users. How to fix Information Exposure? Upgrade `ironic` to version 21.4.3, 23.0.2, 24.1.2, 26.1.0 or higher.	[,21.4.3)[22.0.0,23.0.2)[23.1.0,24.1.2)[25.0.0,26.1.0)

Vulnerability

Vulnerable Version

Directory Traversal

ironic is an OpenStack Bare Metal Provisioning

Affected versions of this package are vulnerable to Directory Traversal via the handling of file:// image URLs during the deployment process. An attacker can write, list, view, edit, create, or delete unintended files to a target node disk by providing a path to any local file that is readable by the ironic-conductor. This is only exploitable if the environment is running with non-default, insecure configurations such as with automated cleaning disabled.

How to fix Directory Traversal?

Upgrade ironic to version 24.1.4, 26.1.2, 29.0.2 or higher.

[,24.1.4)[25.0.0,26.1.2)[27.0.0,29.0.2)

Improper Validation of Integrity Check Value

ironic is an OpenStack Bare Metal Provisioning

Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due missing validations of checksum files of supplied image_source URLs, before the raw format conversion.

How to fix Improper Validation of Integrity Check Value?

Upgrade ironic to version 21.4.4, 23.0.3, 24.1.3, 26.1.1 or higher.

[,21.4.4)[22.0.0,23.0.3)[23.1.0,24.1.3)[25.0.0,26.1.1)

Information Exposure

ironic is an OpenStack Bare Metal Provisioning

Affected versions of this package are vulnerable to Information Exposure via the image processing in qemu-img. Note: This is exploitable only for authenticated users.

How to fix Information Exposure?

Upgrade ironic to version 21.4.3, 23.0.2, 24.1.2, 26.1.0 or higher.

[,21.4.3)[22.0.0,23.0.2)[23.1.0,24.1.2)[25.0.0,26.1.0)

ironic@13.0.7 vulnerabilities

OpenStack Bare Metal Provisioning

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically