CVSS 3.1 Score 4.7 of 10 (medium)


Published Apr 17, 2024
CWE ID 288


CVE-2024-31463 is a vulnerability affecting the OpenStack Ironic deployment packaged and configured by Metal3, specifically when the reverse proxy mode is enabled. This vulnerability allows unauthorized access to the Ironic API without authentication. It also affects Ironic Inspector, although to a lesser extent. Operators deploying ironic-image in reverse proxy mode are impacted, particularly when TLS is used and the IRONIC_PRIVATE_PORT variable is unset or set to a numeric value. The potential danger includes attackers with enough privileges launching a pod on the control plane and gaining access to sensitive information. The vulnerability has a base severity rating of MEDIUM with a base score of 4.7 according to security advisories on GitHub.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-31463 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options