CVE-2024-44082
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-44082
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44082.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-44082
- Related
- Published
- 2024-09-06T01:15:11Z
- Modified
- 2024-11-24T16:48:29.941727Z
- Summary
- [none]
- Details
-
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
- References
Affected packages
Debian:11 / ironic
Package
- Name
- ironic
- Purl
- pkg:deb/debian/ironic?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:16.*
1:16.0.3-1
1:16.2.0-1
1:17.*
1:17.0.0-1
1:17.0.1-1
1:17.0.3-1
1:17.0.3-2
1:18.*
1:18.1.0-1
1:18.2.0-1
1:18.2.0-2
1:18.2.0-3
1:20.*
1:20.0.0-1
1:20.1.0-1
1:20.1.0-2
1:21.*
1:21.0.0-1
1:21.0.0-2
1:21.0.0-3
1:21.1.0-1
1:21.1.0-2
1:21.1.0-3
1:21.3.0-1
1:21.4.0-1
1:21.4.0-2
1:21.4.0-3
1:21.4.0-4
1:22.*
1:22.1.0-1
1:23.*
1:23.0.0-1
1:23.0.0-2
1:23.0.0-3
1:23.0.0-4
1:24.*
1:24.0.0-1
1:24.1.0-1
1:24.1.1-1
1:24.1.1-2
1:24.1.1-3
1:26.*
1:26.0.0-1
1:26.0.0-2
1:26.1.0-1
1:26.1.0-2
1:26.1.0-3
1:26.1.1-1
Debian:12 / ironic
Package
- Name
- ironic
- Purl
- pkg:deb/debian/ironic?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / ironic
Package
- Name
- ironic
- Purl
- pkg:deb/debian/ironic?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:26.1.0-1