ironic 34.0.0

Direct Vulnerabilities

Known vulnerabilities in the ironic package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Incorrect Resource Transfer Between Spheres ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the import process when a user invokes molds and requests authorization to be sent to a remote endpoint. The credential forwarded is a time-limited token or basic credentials configured for molds storage. An attacker can gain unauthorized access to resources by leveraging the forwarding of these credentials to a remote endpoint. How to fix Incorrect Resource Transfer Between Spheres? Upgrade `ironic` to version 26.1.6, 29.0.5, 32.0.1, 35.0.1 or higher.	[,26.1.6)[27.0.0,29.0.5)[30.0.0,32.0.1)[33.0.0,35.0.1)
H Unsafe Dependency Resolution ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the `ipmitool` process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the untrusted control sphere. This is only exploitable if the console interface is enabled in a non-default configuration. How to fix Unsafe Dependency Resolution? Upgrade `ironic` to version 26.1.6, 29.0.5, 32.0.1, 35.0.1 or higher.	[,26.1.6)[27.0.0,29.0.5)[30.0.0,32.0.1)[33.0.0,35.0.1)

Vulnerability

Vulnerable Version

Incorrect Resource Transfer Between Spheres

ironic is an OpenStack Bare Metal Provisioning

Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the import process when a user invokes molds and requests authorization to be sent to a remote endpoint. The credential forwarded is a time-limited token or basic credentials configured for molds storage. An attacker can gain unauthorized access to resources by leveraging the forwarding of these credentials to a remote endpoint.

How to fix Incorrect Resource Transfer Between Spheres?

Upgrade ironic to version 26.1.6, 29.0.5, 32.0.1, 35.0.1 or higher.

[,26.1.6)[27.0.0,29.0.5)[30.0.0,32.0.1)[33.0.0,35.0.1)

Unsafe Dependency Resolution

ironic is an OpenStack Bare Metal Provisioning

Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the ipmitool process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the untrusted control sphere. This is only exploitable if the console interface is enabled in a non-default configuration.

How to fix Unsafe Dependency Resolution?

Upgrade ironic to version 26.1.6, 29.0.5, 32.0.1, 35.0.1 or higher.

[,26.1.6)[27.0.0,29.0.5)[30.0.0,32.0.1)[33.0.0,35.0.1)

ironic@34.0.0

OpenStack Bare Metal Provisioning

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically