{"id":"USN-6989-1","summary":"ironic vulnerability","details":"Dan Smith, Julia Kreger and Jay Faulkner discovered that in\nimage processing for Ironic, a specially crafted image\ncould be used by an authenticated user to exploit undesired behaviors\nin qemu-img, including possible unauthorized access to potentially\nsensitive data.\n","modified":"2026-04-27T17:02:28.947965Z","published":"2024-09-04T16:04:06Z","related":["UBUNTU-CVE-2024-44082"],"upstream":["CVE-2024-44082","UBUNTU-CVE-2024-44082"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6989-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-44082"}],"affected":[{"package":{"name":"ironic","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/ironic@1:20.1.0-0ubuntu1.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:20.1.0-0ubuntu1.2"}]}],"versions":["1:18.2.0-0ubuntu1","1:18.2.0+git2021120910.cdc3b9538-0ubuntu1","1:19.0.0+git2022011216.7beadee46-0ubuntu1","1:20.0.0+git2022030313.4e6a3d52e-0ubuntu1","1:20.1.0-0ubuntu1","1:20.1.0-0ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:20.1.0-0ubuntu1.2","binary_name":"ironic-api"},{"binary_version":"1:20.1.0-0ubuntu1.2","binary_name":"ironic-common"},{"binary_version":"1:20.1.0-0ubuntu1.2","binary_name":"ironic-conductor"},{"binary_version":"1:20.1.0-0ubuntu1.2","binary_name":"python3-ironic"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6989-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-44082"}]}}},{"package":{"name":"ironic","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/ironic@1:24.1.1-0ubuntu1.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:24.1.1-0ubuntu1.2"}]}],"versions":["1:23.0.0-0ubuntu3","1:23.1.0+git2024011916.a374a0c1-0ubuntu1","1:24.1.0-0ubuntu1","1:24.1.1-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:24.1.1-0ubuntu1.2","binary_name":"ironic-api"},{"binary_version":"1:24.1.1-0ubuntu1.2","binary_name":"ironic-common"},{"binary_version":"1:24.1.1-0ubuntu1.2","binary_name":"ironic-conductor"},{"binary_version":"1:24.1.1-0ubuntu1.2","binary_name":"python3-ironic"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6989-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-44082"}]}}}],"schema_version":"1.7.5"}