OpenStack Ironic Credential Forwarding Vulnerability via iDrac Configuration Molds

Vulnerability

A vulnerability exists in OpenStack Ironic versions prior to 35.0.1, specifically in the iDrac configuration molds feature. When importing a configuration mold, an authenticated user can cause Ironic to send authorization requests to a remote endpoint of the user's choosing. The forwarded credentials include either a time-limited Keystone token, which grants access to all OpenStack services that Ironic is authorized to use, or the basic credentials configured for molds storage. The root cause is that the URL of the authorization request is user-controlled and is not validated by Ironic, so the credentials can be sent to an endpoint the operator never intended.
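The defensive pattern that the flaw lacks, shown as an added illustration that is not Ironic's own code: the vulnerable variant attaches the service token to whatever URL it is handed, while the hardened variant only does so when the URL points at approved storage over TLS. The allowlist, the function names and the hostnames are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed allowlist of the operator's mold storage hosts. This setting is
# hypothetical; the affected Ironic releases performed no such check.
ALLOWED_MOLD_HOSTS = {"molds.storage.example.internal"}


class UntrustedMoldUrl(ValueError):
    """Raised when a mold URL does not point at approved storage."""


def build_mold_request_vulnerable(mold_url: str, keystone_token: str) -> dict:
    """Mirrors the flaw: the caller-supplied URL is trusted as given, so the
    Keystone token is attached to a request aimed at any host at all."""
    return {"url": mold_url, "headers": {"X-Auth-Token": keystone_token}}


def is_trusted_mold_url(mold_url: str) -> bool:
    """True only for https URLs whose host is on the allowlist and which carry
    no userinfo (user@host tricks would otherwise change the real target)."""
    parts = urlsplit(mold_url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname or ""
    return host in ALLOWED_MOLD_HOSTS


def build_mold_request_hardened(mold_url: str, keystone_token: str) -> dict:
    """Attach credentials only after the destination has been validated."""
    if not is_trusted_mold_url(mold_url):
        raise UntrustedMoldUrl(f"refusing to send credentials to {mold_url!r}")
    return {"url": mold_url, "headers": {"X-Auth-Token": keystone_token}}
```

The request dictionaries are built but never sent, so the example runs offline; the interesting part is the decision of whether credentials are attached at all.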

Impact

Exploitation of this vulnerability could lead to unauthorized access to OpenStack services through misuse of the forwarded credentials, whether the time-limited Keystone token or the basic credentials for molds storage.

Remediation

Users can upgrade to OpenStack Ironic versions 26.1.6, 29.0.5, 32.0.1, or 35.0.1. For versions 2024.1/caracal and 2026.2/hibiscus, the molds feature has been removed, addressing the vulnerability.

Added: May 5, 2026, 7:38 PM
Updated: May 5, 2026, 7:38 PM

Vulnerability Rating

Custom Algorithm

spread:          1.4
impact:          4.2
exploitability:  4.4
remediation:     7.7
relevance:       7.5
threat:          0.0
urgency:         2.9
incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.