CVE-2017-16239
- Source
- https://cve.org/CVERecord?id=CVE-2017-16239
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16239.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-16239
- Aliases
- Downstream
- Related
- Published
- 2017-11-14T17:29:00.290Z
- Modified
- 2026-04-11T15:43:58.489805Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
- References
-
- http://www.securityfocus.com/bid/101950
- https://access.redhat.com/errata/RHSA-2018:0241
- https://access.redhat.com/errata/RHSA-2018:0314
- https://access.redhat.com/errata/RHSA-2018:0369
- https://security.openstack.org/ossa/OSSA-2017-005.html
- https://www.debian.org/security/2017/dsa-4056
- https://launchpad.net/bugs/1664931
Affected packages
Git / github.com/openstack/nova
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openstack/nova
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "14.0.9" }, { "last_affected": "15.0.0" }, { "last_affected": "15.0.1" }, { "last_affected": "15.0.2" }, { "last_affected": "15.0.3" }, { "last_affected": "15.0.4" }, { "last_affected": "15.0.5" }, { "last_affected": "15.0.6" }, { "last_affected": "15.0.7" }, { "last_affected": "16.0.0" }, { "last_affected": "16.0.1" }, { "last_affected": "16.0.2" } ], "cpe": [ "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*" ], "source": "CPE_FIELD" }
Affected versions
0.*
0.9.0
12.*
12.0.0.0b1
12.0.0.0b2
12.0.0.0b3
12.0.0.0rc1
12.0.0a0
13.*
13.0.0.0b1
13.0.0.0b2
13.0.0.0b3
13.0.0.0rc1
14.*
14.0.0
14.0.0.0b1
14.0.0.0b2
14.0.0.0b3
14.0.0.0rc1
14.0.0.0rc2
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5
14.0.6
14.0.7
14.0.8
14.0.9
15.*
15.0.0
15.0.0.0b1
15.0.0.0b2
15.0.0.0b3
15.0.0.0rc1
15.0.0.0rc2
15.0.1
15.0.2
15.0.3
15.0.4
15.0.5
15.0.6
15.0.7
16.*
16.0.0
16.0.0.0b1
16.0.0.0b2
16.0.0.0b3
16.0.0.0rc1
16.0.0.0rc2
16.0.1
16.0.2
2010.*
2010.1
2011.*
2011.1
2011.1rc1
2011.2
2011.2gamma1
2011.2rc1
2013.*
2013.1.rc1
2013.2.b3
2013.2.rc1
2014.*
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
Other
diablo-1
essex-1
folsom-1
folsom-2