GHSA-vxvx-hwwh-pp7cHighCVSS 8.2

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI...

Published
July 10, 2026
Last Modified
July 10, 2026

🔗 CVE IDs covered (1)

📋 Description

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

🔗 References (4)