CVEs related to bugs in Ironic
Open bugs
There are no CVEs related to bugs open in Ironic.
Resolved bugs
| Bug | CVE(s) |
|---|---|
| Bug #1517277: Clean steps don't actually run (CVE-2015-7514) | |
| Ironic | Fix released, assigned to aeva black |
| Bug #1572796: Node information including credentials exposed to unathenticated users (CVE-2016-4985) | |
| Ironic | Fix released, assigned to aeva black |
| Bug #2019892: Cinder OSSA-2023-003 breaks Ironic Boot From Volume | |
| Ironic | Fix released, assigned to Julia Kreger |
| Bug #2071740: [OSSA-2024-003] Unvalidated image data passed to qemu-img (CVE-2024-44082) | |
| Ironic | Fix released, assigned to Julia Kreger |
| Bug #2076289: [OSSA-2024-004] Ironic sometimes fails to verify checksums of supplied image_source URLs (CVE-2024-47211) | |
| Ironic | Fix released, assigned to Julia Kreger |
| Bug #2107847: [OSSA-2025-001] (CVE-2025-44021) Can image a node with any file conductor can read | |
| Ironic | Fix released, assigned to Jay Faulkner |
