Bug 2315010 (CVE-2024-47211) - CVE-2024-47211 openstack-ironic: Lack of checksum validation on images
Summary: CVE-2024-47211 openstack-ironic: Lack of checksum validation on images
Keywords:
Status: NEW
Alias: CVE-2024-47211
Deadline: 2024-10-03
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2315015 2315016
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-09-26 20:20 UTC by OSIDB Bzimport
Modified: 2024-10-23 05:29 UTC (History)
29 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:8229 0 None None None 2024-10-23 05:29:34 UTC

Description OSIDB Bzimport 2024-09-26 20:20:05 UTC 
There's a flaw in Ironic where images may not have their checksum validated before conversion, potentially permitting man-in-the-middle attacks modifying image data.
Comment 2 errata-xmlrpc 2024-10-23 05:29:32 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:8229 https://access.redhat.com/errata/RHSA-2024:8229
Note You need to log in before you can comment on or make changes to this bug.