CVE-2017-16239

Published: Nov 14, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2022-5467 Aliases: GHSA-w2wf-cgwh-vpqg
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM 4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0039
Percentile
0,6th
Updated

EPSS Score Trend (Last 91 Days)

Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.2
cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 16.0.1
cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.4
cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 16.0.2
cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.3
cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.1
cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.0
cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version Range Affected
To 14.0.9 (inclusive)
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.7
cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.6
cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 16.0.0
cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nova by Openstack

Product Information
Vendor Openstack
Product Nova
Version 15.0.5
cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://access.redhat.com/errata/RHSA-2018:0241
https://access.redhat.com/errata/RHSA-2018:0241
https://access.redhat.com/errata/RHSA-2018:0314
https://access.redhat.com/errata/RHSA-2018:0314
https://access.redhat.com/errata/RHSA-2018:0369
https://access.redhat.com/errata/RHSA-2018:0369
https://launchpad.net/bugs/1664931
Issue Tracking
https://launchpad.net/bugs/1664931
https://security.openstack.org/ossa/OSSA-2017-005.html
Vendor Advisory
https://security.openstack.org/ossa/OSSA-2017-005.html
https://www.debian.org/security/2017/dsa-4056
https://www.debian.org/security/2017/dsa-4056
http://www.securityfocus.com/bid/101950
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101950
https://access.redhat.com/errata/RHSA-2018:0241
https://access.redhat.com/errata/RHSA-2018:0241
https://access.redhat.com/errata/RHSA-2018:0314
https://access.redhat.com/errata/RHSA-2018:0314
https://access.redhat.com/errata/RHSA-2018:0369
https://access.redhat.com/errata/RHSA-2018:0369
https://launchpad.net/bugs/1664931
Issue Tracking
https://launchpad.net/bugs/1664931
https://security.openstack.org/ossa/OSSA-2017-005.html
Vendor Advisory
https://security.openstack.org/ossa/OSSA-2017-005.html
https://www.debian.org/security/2017/dsa-4056
https://www.debian.org/security/2017/dsa-4056
http://www.securityfocus.com/bid/101950
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101950