Описание
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data.
Отчет
This vulnerability in OpenStack Ironic is of high severity because it enables an authenticated user to craft malicious images that exploit the image format detection process. Since qemu-img automatically loads all image drivers to inspect the input data, an attacker can leverage unsafe features within certain image formats to trigger unexpected behaviors, including unauthorized access to sensitive memory or data leakage. The exposure of potentially sensitive data and the ability to exploit the image processing pipeline pose high risks to system integrity, particularly in environments like OpenStack Ironic, where bare-metal provisioning demands secure and precise control of image operations.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 16.1 | openstack-ironic | Out of support scope | ||
| Red Hat OpenStack Platform 18.0 | openstack-ironic | Affected | ||
| Ironic content for Red Hat OpenShift Container Platform 4.12 | openstack-ironic | Fixed | RHSA-2024:8694 | 07.11.2024 |
| Ironic content for Red Hat OpenShift Container Platform 4.13 | openstack-ironic | Fixed | RHSA-2024:7941 | 16.10.2024 |
| Red Hat OpenShift Container Platform 4.14 | openshift4/ose-ironic-rhel9 | Fixed | RHSA-2024:8235 | 23.10.2024 |
| Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ironic-rhel9 | Fixed | RHSA-2024:7594 | 09.10.2024 |
| Red Hat OpenShift Container Platform 4.16 | openshift4/ose-ironic-rhel9 | Fixed | RHSA-2024:7174 | 02.10.2024 |
| Red Hat OpenStack Platform 16.2 | openstack-ironic | Fixed | RHSA-2025:0204 | 09.01.2025 |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | openstack-ironic | Fixed | RHSA-2024:9982 | 21.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13. ...
EPSS
6.8 Medium
CVSS3