Browse all 5 CVE security advisories affecting metal3-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Metal3-io develops open-source infrastructure for bare-metal provisioning and cluster lifecycle management, primarily used in cloud-native environments. Historically, its vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. The project maintains a moderate security posture with five disclosed CVEs, though no major public incidents have been reported. Security characteristics include regular security audits and community-driven vulnerability management, though rapid development cycles may occasionally introduce exploitable flaws before patches are available.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31463 | Ironic-image allows unauthenticated local access to Ironic API — ironic-imageCWE-288 | 4.7 | Medium | 2024-04-17 |
| CVE-2023-40585 | Unauthenticated access to Ironic API — ironic-imageCWE-306 | 7.3 | High | 2023-08-25 |
This page lists every published CVE security advisory associated with metal3-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.