Vulnerability	Vulnerable Version
M Directory Traversal ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Directory Traversal via the handling of `file://` image URLs during the deployment process. An attacker can write, list, view, edit, create, or delete unintended files to a target node disk by providing a path to any local file that is readable by the ironic-conductor. This is only exploitable if the environment is running with non-default, insecure configurations such as with automated cleaning disabled. How to fix Directory Traversal? Upgrade `ironic` to version 24.1.4, 26.1.2, 29.0.2 or higher.	[,24.1.4)[25.0.0,26.1.2)[27.0.0,29.0.2)

Directory Traversal

ironic is an OpenStack Bare Metal Provisioning

Affected versions of this package are vulnerable to Directory Traversal via the handling of file:// image URLs during the deployment process. An attacker can write, list, view, edit, create, or delete unintended files to a target node disk by providing a path to any local file that is readable by the ironic-conductor. This is only exploitable if the environment is running with non-default, insecure configurations such as with automated cleaning disabled.

How to fix Directory Traversal?

Upgrade ironic to version 24.1.4, 26.1.2, 29.0.2 or higher.

[,24.1.4)[25.0.0,26.1.2)[27.0.0,29.0.2)

Go back to all versions of this package