A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.
| Score | Percentile |
|---|---|
| 0.76% | 72.51% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 8.3 | 3.0 | — |
|
| 7.2 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-c7fc-cm7p-92r2 ↗ |
| CVE | CVE-2019-10141 ↗ |
| CWE id | Name |
|---|---|
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | ironic-inspector | < 5.0.2 | 5.0.2 | — |
| pip | ironic-inspector | >= 5.1.0, < 6.0.3 | 6.0.3 | — |
| pip | ironic-inspector | >= 6.1.0, < 7.2.4 | 7.2.4 | — |
| pip | ironic-inspector | >= 8.0.0, < 8.0.3 | 8.0.3 | — |
| pip | ironic-inspector | >= 8.1.0, < 8.2.1 | 8.2.1 | — |