正文

openstack-ironic-inspector SQL注入漏洞

admin
admin V管理员 /0 评论 /9 阅读
0221
此篇文章发布距今已超过1224天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

openstack-ironic-inspector SQL注入漏洞

  • CNNVD编号:CNNVD-201905-950
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2019-10141
  • 漏洞类型: SQL注入
  • 发布时间: 2019-05-15
  • 威胁类型: 远程
  • 更新时间: 2021-08-05
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

openstack-ironic-inspector是一款硬件检测守护程序。该程序主要用于检测由OpenStack Ironic管理的节点的硬件属性。

openstack-ironic-inspector中的‘node_cache.find_node()’函数存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://review.opendev.org/#/c/660234/

参考网址

来源:CONFIRM

链接:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141

来源:MISC

链接:https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens

来源:MISC

链接:https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2505

来源:MISC

链接:https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein

来源:MISC

链接:https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike

来源:MISC

链接:https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2019:1734

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2019:1722

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2019:1669

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.2428/

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2019-10141

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/153595/Red-Hat-Security-Advisory-2019-1734-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/153519/Red-Hat-Security-Advisory-2019-1669-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.2552/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/153580/Red-Hat-Security-Advisory-2019-1722-01.html

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-10141

受影响实体

    暂无


补丁

  • openstack-ironic-inspector SQL注入漏洞的修复措施
    <!--
    2019-5-15
    -->