CVE-2019-10141 -- ironic-inspectorID: oval:org.secpod.oval:def:2005260 | Date: (C)2020-10-22 (M)2021-06-02 |
Class: VULNERABILITY | Family: unix |
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector"s node_cache.find_node. This function makes a SQL query using unfiltered data from a server reporting inspection results . Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.
Platform: |
Debian 10.x |
Debian 9.x |