7.7 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
An issue was discovered in idrac in OpenStack Ironic before …
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.
Affected products
- <29.0.5
- <32.0.1
- <26.1.6
- <35.0.1
Matching in nixpkgs
pkgs.ironicclient
Client for OpenStack bare metal provisioning API, includes a Python module (ironicclient) and CLI (baremetal)
pkgs.python312Packages.python-ironicclient
Client for OpenStack bare metal provisioning API, includes a Python module (ironicclient) and CLI (baremetal)
pkgs.python313Packages.python-ironicclient
Client for OpenStack bare metal provisioning API, includes a Python module (ironicclient) and CLI (baremetal)
pkgs.python314Packages.python-ironicclient
Client for OpenStack bare metal provisioning API, includes a Python module (ironicclient) and CLI (baremetal)
Package maintainers
- @anthonyroussel Anthony Roussel <anthony@roussel.dev>
- @vinetos vinetos <contact+git@vinetos.fr>
- @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>