CVE-2024-47211

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47211

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47211.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47211

Aliases

GHSA-8h22-6qwx-q4w9

Downstream

DEBIAN-CVE-2024-47211

RHSA-2025:0439

RHSA-2025:3482

UBUNTU-CVE-2024-47211

Published

2024-10-04T18:15:08.550Z

Modified

2025-11-20T12:30:20.515903Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

References

Affected packages

Git / github.com/openstack/ironic

Affected ranges

Type: GIT
Repo: https://github.com/openstack/ironic
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cca24af03b7e04ef52921c9226528d8c5f6c44a6

Affected versions

10.*

10.0.0

10.1.0

11.*

11.0.0

11.1.0

12.*

12.0.0

12.1.0

12.2.0

13.*

13.0.0

14.*

14.0.0

15.*

15.0.0

15.1.0

15.2.0

16.*

16.0.0

16.1.0

16.2.0

17.*

17.0.0

18.*

18.0.0

18.1.0

18.2.0

19.*

19.0.0

20.*

20.0.0

20.1.0

20.2.0

2014.*

2014.1.b1

2014.1.b2

2014.1.b3

2014.1.rc1

2014.2

2014.2.b1

2014.2.b2

2014.2.b3

2014.2.rc1

2014.2.rc2

2014.2.rc3

2015.*

2015.1.0

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

2015.1.0rc2

21.*

21.0.0

21.1.0

21.2.0

21.3.0

21.4.0

21.4.1

21.4.2

21.4.3

4.*

4.0.0

4.1.0

4.2.0

4.3.0

5.*

5.0.0

5.1.0

6.*

6.0.0

6.1.0

6.2.0

7.*

7.0.0

8.*

8.0.0

9.*

9.0.0

9.2.0