CVE-2024-47211 — Improper Validation of Integrity Check Value in Ironic

CWE-354 — Improper Validation of Integrity Check Value16 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 59.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Ironic

Timeline

PublishedOct 4

Latest updateJun 9

Description

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶PyPIopenstack/ironic25.0.0 — 26.1.1+3

▶Debianopenstack/ironic< 1:26.1.0-1+1

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2025-06-09

▶

OSV

linux-azure, linux-azure-4.15 vulnerabilities↗2025-06-09

▶

OSV

linux-azure-fips vulnerabilities↗2025-06-09

▶

OSV

linux-fips vulnerabilities↗2025-06-06

▶

OSV

linux, linux-aws, linux-kvm vulnerabilities↗2025-06-04

▶

📋Vendor Advisories

Red Hat

openstack-ironic: Lack of checksum validation on images↗2024-10-03

▶

Debian

CVE-2024-47211: ironic - In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x be...↗2024

▶