
GHSA-c7fc-cm7p-92r2

GitHub Security Advisory

Openstack ironic-inspector has SQL injection vulnerability in node_cache

GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

A vulnerability was found in openstack-ironic-inspector in all versions except 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. The SQL-injection flaw is in node_cache.find_node(): the function builds a SQL query from unfiltered data in the inspection results that a server reports by POSTing to the /v1/continue endpoint. Because that endpoint is unauthenticated (the introspection ramdisk is expected to call it without credentials), the flaw can be exploited by anyone with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be exfiltrated through the query; however, an attacker can supply malicious data and cause a denial of service. Upgrade to one of the fixed releases; until then, limit which networks can reach the ironic-inspector listener, since network reachability is the only precondition the attack needs.
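To make the bug class concrete, the following is an added example and not ironic-inspector's own code: a hypothetical node lookup that, like the one described above, turns attributes from an inspection report into a SQL WHERE clause. The unsafe version interpolates the attacker-controlled attribute values into the statement; the safe version binds them as parameters. The attributes table, the attribute names ("mac", "bmc_address") and the sample rows are constructed for the example, and an in-memory sqlite3 database stands in for the real database.

```python
import sqlite3

# Constructed sample data: the kind of (name, value, node_uuid) rows an
# inspector keeps so it can match an incoming report to an enrolled node.
SAMPLE_ATTRIBUTES = [
    ("mac", "aa:bb:cc:dd:ee:01", "node-1"),
    ("mac", "aa:bb:cc:dd:ee:02", "node-2"),
    ("bmc_address", "10.0.0.5", "node-1"),
]


def build_db():
    """Create an in-memory database with the hypothetical attributes table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE attributes (name TEXT, value TEXT, node_uuid TEXT)")
    conn.executemany("INSERT INTO attributes VALUES (?, ?, ?)", SAMPLE_ATTRIBUTES)
    return conn


def find_node_unsafe(conn, attributes):
    """Lookup built by string formatting: attribute values reach the SQL text.

    `attributes` is {name: [value, ...]} taken straight from the report body,
    which is exactly what an unauthenticated client controls.
    """
    clauses = []
    for name, values in attributes.items():
        for v in values:
            clauses.append("(name='%s' AND value='%s')" % (name, v))
    if not clauses:
        return []
    stmt = "SELECT DISTINCT node_uuid FROM attributes WHERE " + " OR ".join(clauses)
    return sorted(row[0] for row in conn.execute(stmt))


def find_node_safe(conn, attributes):
    """Same lookup with bound parameters: values can never change the query."""
    clauses, params = [], []
    for name, values in attributes.items():
        for v in values:
            clauses.append("(name=? AND value=?)")
            params.extend([name, v])
    if not clauses:
        return []
    stmt = "SELECT DISTINCT node_uuid FROM attributes WHERE " + " OR ".join(clauses)
    return sorted(row[0] for row in conn.execute(stmt, params))


def demo():
    """Run a legitimate report and two hostile ones through both lookups."""
    conn = build_db()
    legit = {"mac": ["aa:bb:cc:dd:ee:01"]}
    # Tautology: the unsafe WHERE becomes (name='mac' AND value='' OR '1'='1'),
    # so every node matches instead of the one the MAC belongs to.
    tautology = {"mac": ["' OR '1'='1"]}
    # A lone quote leaves the string literal unterminated; the unsafe query
    # fails to parse, which is the denial-of-service path the advisory mentions.
    breaker = {"mac": ["'"]}
    results = {
        "legit_unsafe": find_node_unsafe(conn, legit),
        "legit_safe": find_node_safe(conn, legit),
        "tautology_unsafe": find_node_unsafe(conn, tautology),
        "tautology_safe": find_node_safe(conn, tautology),
        "breaker_safe": find_node_safe(conn, breaker),
    }
    try:
        find_node_unsafe(conn, breaker)
        results["breaker_unsafe"] = "no error"
    except sqlite3.OperationalError as exc:
        results["breaker_unsafe"] = "error: %s" % exc
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-17s %s" % (key, value))
```

The safe variant returns an empty match for both hostile payloads because the quote and the OR are just bytes in a bound value; the unsafe variant returns every node for the tautology and raises for the stray quote. In a request handler that raise becomes a failed introspection, and a client on the provisioning network can repeat it at will.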

Affected Packages

PyPI ironic-inspector
Affected versions: >= 0, < 5.0.2 (fixed in 5.0.2)
PyPI ironic-inspector
Affected versions: >= 5.1.0, < 6.0.3 (fixed in 6.0.3)
PyPI ironic-inspector
Affected versions: >= 6.1.0, < 7.2.4 (fixed in 7.2.4)
PyPI ironic-inspector
Affected versions: >= 8.0.0, < 8.0.3 (fixed in 8.0.3)
PyPI ironic-inspector
Affected versions: >= 8.1.0, < 8.2.1 (fixed in 8.2.1)

Related CVEs

Key Information

GHSA ID
GHSA-c7fc-cm7p-92r2
Published
May 24, 2022 4:51 PM
Last Modified
September 27, 2024 3:56 PM
CVSS Score
7.5 / 10
Primary Ecosystem
PyPI
Primary Package
ironic-inspector
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 19, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.