// For flags

CVE-2019-10141

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.

Se detectó una vulnerabilidad en ironic-inspector de openstack en todas las versiones, excluyendo a la 5.0.2, 6.0.3, 7.2.4, 8.0.3 y 8.2.1. Se detectó una vulnerabilidad de inyección SQL en la función node_cache.find_node() de ironic-inspector de openstack. Esta función realiza una consulta SQL usando datos sin filtrar de un servidor que informa los resultados de la inspección (mediante una POST hacia el endpoint /v1/continue). Porque la API no está autenticada, el fallo podría ser explotado por un atacante con acceso a la red en la que ironic-inspector es detectado. Debido a que ironic-inspector usa los resultados de la consulta, es poco probable que se puedan obtener datos. Sin embargo, el atacante podría pasar datos maliciosos y crear una denegación de servicio.

A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-03-27 CVE Reserved
  • 2019-07-02 CVE Published
  • 2024-07-23 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Openstack
Search vendor "Redhat" for product "Openstack"
 9
Search vendor "Redhat" for product "Openstack" and version "9"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Openstack
Search vendor "Openstack"
 Ironic-inspector
Search vendor "Openstack" for product "Ironic-inspector"
 < 5.0.2
Search vendor "Openstack" for product "Ironic-inspector" and version " < 5.0.2"
-
Affected
Openstack
Search vendor "Openstack"
 Ironic-inspector
Search vendor "Openstack" for product "Ironic-inspector"
 >= 5.1.0 < 6.0.3
Search vendor "Openstack" for product "Ironic-inspector" and version " >= 5.1.0 < 6.0.3"
-
Affected
Openstack
Search vendor "Openstack"
 Ironic-inspector
Search vendor "Openstack" for product "Ironic-inspector"
 >= 6.1.0 < 7.2.4
Search vendor "Openstack" for product "Ironic-inspector" and version " >= 6.1.0 < 7.2.4"
-
Affected
Openstack
Search vendor "Openstack"
 Ironic-inspector
Search vendor "Openstack" for product "Ironic-inspector"
 >= 8.0.0 < 8.0.3
Search vendor "Openstack" for product "Ironic-inspector" and version " >= 8.0.0 < 8.0.3"
-
Affected
Openstack
Search vendor "Openstack"
 Ironic-inspector
Search vendor "Openstack" for product "Ironic-inspector"
 >= 8.1.0 < 8.2.1
Search vendor "Openstack" for product "Ironic-inspector" and version " >= 8.1.0 < 8.2.1"
-
Affected
Redhat
Search vendor "Redhat"
 Openstack
Search vendor "Redhat" for product "Openstack"
 10
Search vendor "Redhat" for product "Openstack" and version "10"
-
Affected
Redhat
Search vendor "Redhat"
 Openstack
Search vendor "Redhat" for product "Openstack"
 13
Search vendor "Redhat" for product "Openstack" and version "13"
-
Affected
Redhat
Search vendor "Redhat"
 Openstack
Search vendor "Redhat" for product "Openstack"
 14
Search vendor "Redhat" for product "Openstack" and version "14"
-
Affected