{"id":"CVE-2024-47211","details":"In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.","aliases":["GHSA-8h22-6qwx-q4w9"],"modified":"2026-04-10T05:18:10.406290Z","published":"2024-10-04T18:15:08.550Z","references":[{"type":"WEB","url":"https://github.com/openstack/ironic/security"},{"type":"WEB","url":"https://github.com/openstack/ironic/tags"},{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2024-004.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/10/05/2"},{"type":"WEB","url":"https://github.com/openstack/ironic/compare/24.1.2...26.1.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/ironic","events":[{"introduced":"0"},{"fixed":"cca24af03b7e04ef52921c9226528d8c5f6c44a6"},{"introduced":"0"},{"fixed":"7a1292c569a84eb05806a57a89fca5bb6b0c4043"},{"introduced":"fc2549a2232e06010ea3c0073a3a1d0b9a77275d"},{"fixed":"ebce0fd0845de411171127a55002ae7c9605de57"},{"introduced":"55738cd17b759f77c60d9e058b137c5be4e62df8"},{"fixed":"5857ca0cd5bc4949f77b9f3b6c3e0d7ab97f6b88"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"21.4.4"},{"introduced":"23.x"},{"fixed":"23.0.3"},{"introduced":"24.x"},{"fixed":"24.1.3"},{"introduced":"26.x"},{"fixed":"26.1.0"}]}}],"versions":["10.0.0","10.1.0","11.0.0","11.1.0","12.0.0","12.1.0","12.2.0","13.0.0","14.0.0","15.0.0","15.1.0","15.2.0","16.0.0","16.1.0","16.2.0","17.0.0","18.0.0","18.1.0","18.2.0","19.0.0","20.0.0","20.1.0","20.2.0","2014.1.b1","2014.1.b2","2014.1.b3","2014.1.rc1","2014.2.b1","2014.2.b2","2014.2.b3","2014.2.rc1","2015.1.0b1","2015.1.0b2","2015.1.0b3","2015.1.0rc1","21.0.0","21.1.0","21.2.0","21.3.0","21.4.0","21.4.1","21.4.2","21.4.3","22.0.0","22.1.0","23.0.0","23.0.1","23.0.2","23.1.0","24.0.0","24.1.0","24.1.1","24.1.2","25.0.0","26.0.0","4.0.0","4.1.0","4.2.0","4.3.0","5.0.0","5.1.0","6.0.0","6.1.0","6.2.0","7.0.0","8.0.0","9.0.0","9.2.0","bugfix-22.0-eol"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47211.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}