CVE-2019-10141SQL Injection in Ironic-inspector

CWE-89SQL Injection10 documents7 sources
Severity
9.1CRITICALNVD
CNA8.3
EPSS
0.8%
top 26.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openstack Ironic-inspectorRedhat Openstack-ironic-inspectorRedhat Openstack
Timeline
PublishedJul 30
Latest updateMay 24

Description

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Be

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDopenstack/ironic-inspector5.1.06.0.3+4
CVEListV5redhat/openstack-ironic-inspector5 versions+4
NVDredhat/openstack4 versions+3

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

5
GHSA
Openstack ironic-inspector has SQL injection vulnerability in node_cache2022-05-24
OSV
Openstack ironic-inspector has SQL injection vulnerability in node_cache2022-05-24
OSV
MariaDB vulnerabilities2019-08-12
OSV
CVE-2019-10141: A vulnerability was found in openstack-ironic-inspector all versions excluding 52019-07-30
CVEList
CVE-2019-10141: A vulnerability was found in openstack-ironic-inspector all versions excluding 52019-07-30

📋Vendor Advisories

2
Red Hat
openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data2019-05-15
Debian
CVE-2019-10141: ironic-inspector - A vulnerability was found in openstack-ironic-inspector all versions excluding 5...2019

💬Community

2
Bugzilla
CVE-2019-10141 openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data [openstack-rdo]2019-05-21
Bugzilla
CVE-2019-10141 openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data2019-05-19
CVE-2019-10141 — SQL Injection in Ironic-inspector | cvebase