Description
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.
A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change being noticed by OpenStack. This issue leads to integrity issues in the image.
Statement
This vulnerability is classified as moderate severity rather than important because it requires a specific set of conditions for exploitation. An attacker must have access to the image source and be positioned to intercept or modify images during their transmission, which limits the attack surface to environments with insecure or untrusted network configurations. Additionally, the vulnerability only impacts Ironic when it is configured to convert images to raw format for streaming, making it a less common scenario. The absence of checksum validation could compromise image integrity, but it does not grant direct control over the system or immediate escalation of privileges, hence the moderate classification. Red Hat OpenStack 16.2 is not affected by this vulnerability, as it contains neither the affected code nor the configuration option required for a successful exploit.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat OpenStack Platform 16.2 | openstack-ironic | Not affected | | |
| Red Hat OpenShift Container Platform 4.16 | openshift4/ose-ironic-rhel9 | Fixed | RHSA-2024:8415 | 30.10.2024 |
| Red Hat OpenShift Container Platform 4.17 | openshift4/ose-ironic-rhel9 | Fixed | RHSA-2024:8229 | 23.10.2024 |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | openstack-ironic | Fixed | RHSA-2025:3482 | 07.04.2025 |
| Red Hat OpenStack Services on OpenShift 18.0 | openstack-ironic | Fixed | RHSA-2025:0439 | 22.01.2025 |
Additional information
EPSS
6.3 Medium
CVSS3
Related vulnerabilities
OpenStack Ironic fails to verify checksums of supplied image_source URLs