RedHatRHSA-2019:2505(RHSA-2019:2505) Important: openstack-ironic-inspector security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
80.7%
ironic-inspector is an auxiliary service for discovering hardware
properties for a node managed by Ironic. Hardware introspection or hardware
properties discovery is a process of getting hardware parameters required
for scheduling from a bare metal node, given its power management
credentials (e.g. IPMI address, user name and password).
Security Fix(es):
- openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data (CVE-2019-10141)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | noarch | openstack-ironic-inspector | < 3.2.2-5.el7ost | openstack-ironic-inspector-3.2.2-5.el7ost.noarch.rpm |
| RedHat | 7 | noarch | openstack-ironic-inspector-doc | < 3.2.2-5.el7ost | openstack-ironic-inspector-doc-3.2.2-5.el7ost.noarch.rpm |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
80.7%