GHSA-vxvx-hwwh-pp7cHighCVSS 8.2
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI...
🔗 CVE IDs covered (1)
📋 Description
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.