GHSA-q458-5jc4-vvpg
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Network API access with existing low-privileged credentials; high confidentiality impact due to iSCSI credential exposure in affected configurations; limited integrity impact on Port/Portgroup objects; no availability impact described.
Primary rating from Vendor (CNA).
CVSS VectorVendor
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
3Description PRE-NVD
AnalysisAI
Insufficient access controls in OpenStack Ironic's parent/child node hierarchy allow authenticated users to access or manipulate resources belonging to nodes outside their authorization scope. Affected objects include Volume Targets and Volume Connectors - which carry iSCSI storage credentials in boot-from-volume deployments - as well as Port and Portgroup objects (hardened as defense-in-depth in the same patch set). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated Ironic API session with at least read-level access to one node within the deployment. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS score or vector was provided in the input data, so severity must be inferred from the vulnerability description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privileged Ironic API user - such as a project operator in a multi-tenant bare-metal cloud - crafts API requests targeting Volume Targets or Volume Connectors associated with a node they do not own, exploiting the absent parent/child boundary check to retrieve iSCSI initiator or target credentials. With those credentials, the attacker gains unauthorized access to shared SAN storage, potentially exposing data from other tenants' bare-metal workloads. … |
| Remediation | Apply the upstream patches corresponding to the deployed Ironic branch via the Gerrit review links in the advisory: 996478 (epoxy), 996476 (flamingo), 996469 (gazpacho), 996462 (hibiscus), 996474 (Bugfix/33.0), 996471 (Bugfix/34.0), 996464 (Bugfix/37.0). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit Ironic API audit logs for suspicious cross-node access patterns to Volume Targets, Volume Connectors, Port, and Portgroup objects; identify users with excessive resource permissions; initiate immediate rotation of iSCSI credentials. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42777