{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T04:54:32.073","vulnerabilities":[{"cve":{"id":"CVE-2019-10141","sourceIdentifier":"secalert@redhat.com","published":"2019-07-30T17:15:12.453","lastModified":"2024-11-21T04:18:30.227","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service."},{"lang":"es","value":"Se detectó una vulnerabilidad en ironic-inspector de openstack en todas las versiones, excluyendo a la 5.0.2, 6.0.3, 7.2.4, 8.0.3 y 8.2.1. Se detectó una vulnerabilidad de inyección SQL en  la función  node_cache.find_node() de ironic-inspector de openstack. Esta función realiza una consulta SQL usando datos sin filtrar de un servidor que informa los resultados de la inspección (mediante una POST hacia el endpoint /v1/continue). Porque la API no está autenticada, el fallo podría ser explotado por un atacante con acceso a la red en la que ironic-inspector es detectado. Debido a que ironic-inspector usa los resultados de la consulta, es poco probable que se puedan obtener datos. Sin embargo, el atacante podría pasar datos maliciosos y crear una denegación de servicio."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic-inspector:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.2","matchCriteriaId":"1148EC36-0766-4080-AC70-7C384D8A41BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic-inspector:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndExcluding":"6.0.3","matchCriteriaId":"E8F90AF2-9A18-40F8-BBAF-51D1727142FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic-inspector:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"7.2.4","matchCriteriaId":"77B95F6A-6F21-433A-B8C3-D7EA91312E62"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic-inspector:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.3","matchCriteriaId":"E9C414C8-F67E-4C60-BCC7-6CE2C0B552C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic-inspector:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.2.1","matchCriteriaId":"79F2C939-0CC0-444A-A313-A52A14CA7B0E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*","matchCriteriaId":"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*","matchCriteriaId":"704CFA1A-953E-4105-BFBE-406034B83DED"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*","matchCriteriaId":"EB7F358B-5E56-41AB-BB8A-23D3CB7A248B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*","matchCriteriaId":"F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2019:2505","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2505","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}