cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Openstack (7b0cf974-b2b5-592e-bdf4-6953805ef02a) |
|---|---|
| Product | Ironic (d7fc3255-f207-5d72-a6a6-d75dd69242d3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:docker/openstackhelm/ironic | purl2cpe | 2026-06-01 10:17:03.709796 |
| pkg:github/openstack/ironic | purl2cpe | 2026-06-01 10:17:03.709799 |
| pkg:pypi/ironic-python-agent | purl2cpe | 2026-06-01 10:17:03.709801 |
| pkg:rpm/opensuse/openstack-ironic | purl2cpe | 2026-06-01 10:17:03.709804 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-44919 | vulnerable | 2026-06-03 15:25:03.486790 | Details available. MEDIUM (4.3). In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL. Published: 2026-05-14T00:00:00.000Z. Updated: 2026-05-21T06:16:30.581Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-44916 | vulnerable | 2026-06-03 15:25:03.486542 | Details available. LOW (3). In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. Published: 2026-05-08T06:38:37.279Z. Updated: 2026-05-20T15:04:18.146Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-42997 | vulnerable | 2026-06-03 15:25:01.820846 | Details available. HIGH (7.7). An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1. Published: 2026-05-05T00:00:00.000Z. Updated: 2026-05-06T06:12:45.933Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-42510 | vulnerable | 2026-06-03 15:25:01.223319 | Details available. MEDIUM (6.6). OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. Published: 2026-04-28T04:53:10.789Z. Updated: 2026-05-20T15:33:10.131Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-44021 | vulnerable | 2026-06-03 15:01:18.505531 | Details available. LOW (2.8). OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1. Published: 2025-05-08T00:00:00.000Z. Updated: 2025-05-08T21:02:53.418Z | Imported from gcve-enriched-dumps CVE data |