CVE-2019-10141 Red Hat OpenStack openstack-ironic-inspector Introspection SQL Injection Vulnerability – Jul 2019

Preface: The cloud can be managed through a web-based dashboard or command-line clients, which give administrators control. At the same time, it attracts cyber attackers.

Product background: Red Hat OpenStack Platform provides the foundation to build a private or public Infrastructure-as-a-Service (IaaS) cloud on top of Red Hat Enterprise Linux.

Vulnerability details:

A SQL-injection vulnerability was found in openstack-ironic-inspector’s node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results.
An attacker could exploit this vulnerability by submitting malicious introspection data to the targeted system. A successful exploit could allow the attacker to conduct SQL injection attacks on the targeted system.
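
The class of flaw described above, shown as an added example that is not openstack-ironic-inspector's code: a node lookup that pastes a reported value into the SQL text, next to the same lookup using bound parameters. The `attributes` table, the function names and all sample values are assumptions constructed for illustration, and SQLite stands in for the real database.

```python
import sqlite3

# Constructed sample data; the table and column names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attributes (uuid TEXT, name TEXT, value TEXT)")
    db.executemany(
        "INSERT INTO attributes VALUES (?, ?, ?)",
        [("node-a", "mac", "52:54:00:aa:bb:01"),
         ("node-b", "mac", "52:54:00:aa:bb:02")],
    )
    return db

def find_node_unsafe(db, name, value):
    # "Before" pattern: the reported value becomes part of the SQL text,
    # so quote characters in it change the structure of the statement.
    query = ("SELECT DISTINCT uuid FROM attributes "
             "WHERE name = '%s' AND value = '%s'" % (name, value))
    return sorted(row[0] for row in db.execute(query))

def find_node_safe(db, name, value):
    # Hardened pattern: the SQL text is constant and the reported value is
    # passed as a bound parameter, so it is only ever compared as data.
    query = ("SELECT DISTINCT uuid FROM attributes "
             "WHERE name = ? AND value = ?")
    return sorted(row[0] for row in db.execute(query, (name, value)))

# Constructed inputs standing in for values taken from reported data.
KNOWN_MAC = "52:54:00:aa:bb:01"
STRAY_QUOTE = "aa'bb"
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for value in (KNOWN_MAC, STRAY_QUOTE, TAUTOLOGY):
        try:
            unsafe = find_node_unsafe(db, "mac", value)
        except sqlite3.OperationalError as exc:
            unsafe = "SQL error: %s" % exc
        print(repr(value), "unsafe:", unsafe,
              "safe:", find_node_safe(db, "mac", value))
```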

Remediation: Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.
