GHSA-w2wf-cgwh-vpqg

Source
https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w2wf-cgwh-vpqg/GHSA-w2wf-cgwh-vpqg.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-w2wf-cgwh-vpqg
Aliases
Published
2022-05-13T01:44:04Z
Modified
2024-05-14T21:14:05.042818Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
OpenStack Nova Filter Scheduler Bypass
Details

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, an authenticated user who rebuilds an instance may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.

Database specific
{
    "nvd_published_at": "2017-11-14T17:29:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T20:53:46Z"
}
References

Affected packages

PyPI / nova
  • Range type: ECOSYSTEM
  • Introduced: 16.0.0
  • Fixed: 16.0.3

PyPI / nova
  • Range type: ECOSYSTEM
  • Introduced: 15.0.0
  • Fixed: 15.0.8

PyPI / nova
  • Range type: ECOSYSTEM
  • Introduced: 14.0.0
  • Fixed: 14.0.10