CVE-2019-10141

Name: CVE-2019-10141
Creator: NVD / NIST
Published: 2019-07-30T17:15:12.453+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.46%

Last modified Jun 17, 2026

CVE-2019-10141 is a vulnerability of currently unknown severity. A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). EPSS estimates a 2.46% chance of exploitation in the next 30 days.

Description

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.

Metrics

EPSS Probability

2.46%

82.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Openstack	Ironic-Inspector	< 5.0.2
Openstack	Ironic-Inspector	>= 5.1.0, < 6.0.3
Openstack	Ironic-Inspector	>= 6.1.0, < 7.2.4
Openstack	Ironic-Inspector	>= 8.0.0, < 8.0.3
Openstack	Ironic-Inspector	>= 8.1.0, < 8.2.1
Redhat	Openstack	10
Redhat	Openstack	13
Redhat	Openstack	14
Redhat	Openstack	9

References

https://access.redhat.com/errata/RHSA-2019:2505
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141Issue Tracking, Patch, Third Party Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocataRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pikeRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queensRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rockyRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-steinRelease Notes, Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2505
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141Issue Tracking, Patch, Third Party Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocataRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pikeRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queensRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rockyRelease Notes, Vendor Advisory
https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-steinRelease Notes, Vendor Advisory

Timeline

Published: Jul 30, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-10141?

How severe is CVE-2019-10141?

Severity scoring for CVE-2019-10141 is pending analysis. The EPSS model estimates a 2.46% probability of exploitation in the next 30 days.

How do I fix CVE-2019-10141?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-10141?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST