Fluid Attacks Database

Description

Injection vulnerability that affects ironic-discoverd OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	python-ironic-inspector-client	>=0 <0.2.5	0.2.5
pypi	ironic-inspector	>=0 <2.2.2	2.2.2
pypi	ironic-discoverd	>=0 <0.2.5	0.2.5
debian 11	ironic-inspector	>=0 <3.2.0-1	3.2.0-1
debian 13	ironic-inspector	>=0 <3.2.0-1	3.2.0-1
debian 12	ironic-inspector	>=0 <3.2.0-1	3.2.0-1

Aliases

1. CVE-2015-53062. NVD-2015-53063. OSV-2015-53064. OSV-DEBIAN-2015-53065. GHSA-x64g-wjmw-w3286. GCVE-2015-53067. access.redhat.com8. access.redhat.com9. ACCESS-CVE-2015-530610. SECURITY-TRACKER-CVE-2015-5306

References

1. https://bugs.launchpad.net/ironic-inspector/+bug/15064192. https://bugzilla.redhat.com/show_bug.cgi?id=12736983. https://github.com/pypa/advisory-database/tree/main/vulns/ironic-inspector/PYSEC-2015-28.yaml4. https://opendev.org/openstack/ironic-inspector/commit/2c64da2bee6eeea27c08eb7a94894feaa54949105. https://opendev.org/openstack/ironic-inspector/commit/77d0052c5133034490386fbfadfdb1bdb49aa44f6. http://rhn.redhat.com/errata/RHSA-2015-2685.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.