CVE-2017-16239

Severity

40%

Complexity

80%

Confidentiality

48%

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.

CVSS 3.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).

Overview

First reported 7 years ago

2017-11-14 17:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

OpenStack Nova

OpenStack Nova 15.0.0

15.0.0

OpenStack Nova 15.0.1

15.0.1

OpenStack Nova 15.0.2

15.0.2

OpenStack Nova 15.0.3

15.0.3

OpenStack Nova 15.0.4

15.0.4

OpenStack Nova 15.0.5

15.0.5

OpenStack Nova 15.0.6

15.0.6

OpenStack Nova 15.0.7

15.0.7

OpenStack Nova 16.0.0

16.0.0

OpenStack Nova 16.0.1

16.0.1

OpenStack Nova 16.0.2

16.0.2

References

101950

Third Party Advisory, VDB Entry

RHSA-2018:0241

RHSA-2018:0314

RHSA-2018:0369

https://launchpad.net/bugs/1664931

Issue Tracking

https://security.openstack.org/ossa/OSSA-2017-005.html

Vendor Advisory

DSA-4056

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.