{"id":"CVE-2019-10141","details":"A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.","aliases":["GHSA-c7fc-cm7p-92r2","PYSEC-2019-152"],"modified":"2026-04-10T04:13:43.673364Z","published":"2019-07-30T17:15:12.453Z","references":[{"type":"ADVISORY","url":"https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens"},{"type":"ADVISORY","url":"https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky"},{"type":"ADVISORY","url":"https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2505"},{"type":"ADVISORY","url":"https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata"},{"type":"ADVISORY","url":"https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/ironic-inspector","events":[{"introduced":"0"},{"fixed":"53f44a7ccf8164d19031266a35e341cc557ee84a"},{"introduced":"42963fa9f75313f253527baaeda39249a89fe185"},{"fixed":"99c88629ad879e5c50c113f2fcd62f49a711ce3f"},{"introduced":"04e646c6429b128039a572805178ac99113bee5e"},{"fixed":"17c796b49171b6133e988f78c92d7c9b7ed3fcf3"},{"introduced":"600784a91e21cc16ca1e1c34367af7f2327ad79c"},{"fixed":"97f9d34f8376ac7accd2597b3bdce67a9dac664f"},{"introduced":"8d41543c1b0ac88233a42c08ad5348d576d57962"},{"fixed":"67ff87ebca1016d44bd9d284ec4c16a88a533cfc"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.0.2"},{"introduced":"5.1.0"},{"fixed":"6.0.3"},{"introduced":"6.1.0"},{"fixed":"7.2.4"},{"introduced":"8.0.0"},{"fixed":"8.0.3"},{"introduced":"8.1.0"},{"fixed":"8.2.1"}]}}],"versions":["0.1.0","0.1.1","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","1.0.0","2.0.0","2.0.1","2.1.0","2.2.0","2.3.0","3.0.0","3.1.0","3.2.0","3.3.0","4.0.0","4.1.0","4.2.0","5.0.0","5.0.1","5.1.0","6.0.0","6.0.1","6.0.2","6.1.0","7.0.0","7.1.0","7.2.0","7.2.1","7.2.2","7.2.3","8.0.0","8.0.1","8.0.2","8.1.0","8.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10141.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10"}]},{"events":[{"introduced":"0"},{"last_affected":"13"}]},{"events":[{"introduced":"0"},{"last_affected":"14"}]},{"events":[{"introduced":"0"},{"last_affected":"9"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}