Bug 2315010 (CVE-2024-47211)
| Summary: | CVE-2024-47211 openstack-ironic: Lack of checksum validation on images | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | asdas, bmontgom, dpaolell, eglynn, eparis, jburrell, jdelft, jjoyce, jschluet, jupierce, lgarciaa, lhh, lsvaty, mbenatto, mbiarnes, mburns, mgarciac, nstielau, pgrist, rhos-maint, rpittau, sbaker, security-response-team, sidsharm, sponnaga, talessio, vlaad, ximhan, yuxzhu |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2315016, 2315015 | ||
| Bug Blocks: | |||
| Deadline: | 2024-10-03 | ||
|
Description
OSIDB Bzimport
2024-09-26 20:20:05 UTC
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2024:8229 https://access.redhat.com/errata/RHSA-2024:8229 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:8415 https://access.redhat.com/errata/RHSA-2024:8415 |