Bugs fixes in "ironic"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | 2026-06-12 |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | 2026-06-12 |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | 2026-06-12 |
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | 2026-06-12 |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | 2026-06-12 |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | 2026-06-12 |
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | 2026-06-12 |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | 2026-06-12 |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | 2026-06-12 |
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | 2026-06-12 |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | 2026-06-12 |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | 2026-06-12 |
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | 2026-06-11 |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | 2026-06-11 |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | 2026-06-11 |
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | 2026-06-11 |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | 2026-06-11 |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | 2026-06-11 |
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | 2026-06-11 |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | 2026-06-11 |
About
-
Send Feedback to @ubuntu_updates
