Preface: The cloud can be managed with a web-based dashboard or command-line clients, which allow administrators to control it. At the same time, it attracts cyber attackers.
Product background: Red Hat OpenStack Platform provides the foundation to build a private or public Infrastructure-as-a-Service (IaaS) cloud on top of Red Hat Enterprise Linux.
Vulnerability details:
A SQL-injection vulnerability was found in openstack-ironic-inspector’s node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results.
An attacker could exploit this vulnerability by submitting malicious introspection data to the targeted system. A successful exploit could allow the attacker to conduct SQL injection attacks on the targeted system.
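The pattern described above, shown as an added example that is not the project's own code: a lookup that concatenates reported values into the SQL text, next to the same lookup using bound parameters. The table layout, the function names find_node_unsafe and find_node_safe, and the sample rows are assumptions constructed for illustration, run against an in-memory SQLite database.

```python
import sqlite3


def make_db():
    # Constructed schema and rows; not ironic-inspector's real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attributes (uuid TEXT, name TEXT, value TEXT)")
    db.executemany(
        "INSERT INTO attributes VALUES (?, ?, ?)",
        [("node-a", "bmc_address", "192.0.2.10"),
         ("node-b", "bmc_address", "192.0.2.11")],
    )
    return db


def find_node_unsafe(db, name, value):
    # Pattern the advisory describes: reported data concatenated into SQL,
    # so a quote character in the data changes the structure of the query.
    query = ("SELECT uuid FROM attributes WHERE name = '%s' AND value = '%s'"
             % (name, value))
    return sorted(row[0] for row in db.execute(query))


def find_node_safe(db, name, value):
    # Hardened form: reported data is passed as bound parameters, so the
    # driver treats it as a literal value and never as SQL syntax.
    query = "SELECT uuid FROM attributes WHERE name = ? AND value = ?"
    return sorted(row[0] for row in db.execute(query, (name, value)))


# Constructed introspection value containing a quote character.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Legitimate lookup: one matching node.
    print(find_node_unsafe(db, "bmc_address", "192.0.2.10"))
    # Concatenated query: the WHERE clause is rewritten and matches every row.
    print(find_node_unsafe(db, "bmc_address", CRAFTED))
    # Parameterized query: the same value matches nothing.
    print(find_node_safe(db, "bmc_address", CRAFTED))
```

With the bound-parameter form, the crafted value is compared as an ordinary string and returns no node, while the concatenated form returns every node in the table.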
Remediation: Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.