2315010 – (CVE-2024-47211) CVE-2024-47211 openstack-ironic: Lack of checksum validation on images

Bug 2315010 (CVE-2024-47211) - CVE-2024-47211 openstack-ironic: Lack of checksum validation on images

Summary: CVE-2024-47211 openstack-ironic: Lack of checksum validation on images

Keywords:
Status:	NEW
Alias:	CVE-2024-47211
Deadline:	2024-10-03
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2315015 2315016
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-26 20:20 UTC by OSIDB Bzimport
Modified:	2025-04-07 22:34 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:8229	None	None	None	2024-10-23 05:29:34 UTC
Red Hat Product Errata	RHSA-2024:8415	None	None	None	2024-10-30 01:13:20 UTC
Red Hat Product Errata	RHSA-2025:0439	None	None	None	2025-01-22 15:55:08 UTC
Red Hat Product Errata	RHSA-2025:3482	None	None	None	2025-04-07 22:34:28 UTC

Description OSIDB Bzimport 2024-09-26 20:20:05 UTC

There's a flaw in Ironic where images may not have their checksum validated before conversion, potentially permitting man-in-the-middle attacks modifying image data.

Comment 2 errata-xmlrpc 2024-10-23 05:29:32 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:8229 https://access.redhat.com/errata/RHSA-2024:8229

Comment 3 errata-xmlrpc 2024-10-30 01:13:17 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:8415 https://access.redhat.com/errata/RHSA-2024:8415

Comment 4 errata-xmlrpc 2025-01-22 15:55:06 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Services on OpenShift 18.0

Via RHSA-2025:0439 https://access.redhat.com/errata/RHSA-2025:0439

Comment 5 errata-xmlrpc 2025-04-07 22:34:26 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2025:3482 https://access.redhat.com/errata/RHSA-2025:3482

Note You need to log in before you can comment on or make changes to this bug.

asdas
bmontgom
dpaolell
eglynn
eparis
jburrell
jdelft
jjoyce
jschluet
jupierce
lgarciaa
lhh
lsvaty
mbenatto
mbiarnes
mburns
mgarciac
nstielau
pgrist
rhos-maint
rpittau
sbaker
security-response-team
sidsharm
sponnaga
talessio
vlaad
ximhan
yuxzhu