Vulnerability Details : CVE-2017-16239
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
Products affected by CVE-2017-16239
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16239
- 0.13%: Probability of exploitation activity in the next 30 days
- ~48%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-16239
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
References for CVE-2017-16239
- https://security.openstack.org/ossa/OSSA-2017-005.html
  OpenStack Docs: OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2018:0369
  RHSA-2018:0369 - Security Advisory - Red Hat Customer Portal
- https://launchpad.net/bugs/1664931
  Bug #1664931 “[OSSA-2017-005] nova rebuild ignores all image pro...” : Bugs : OpenStack Compute (nova) (Issue Tracking)
- https://www.debian.org/security/2017/dsa-4056
  Debian -- Security Information -- DSA-4056-1 nova
- https://access.redhat.com/errata/RHSA-2018:0314
  RHSA-2018:0314 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2018:0241
  RHSA-2018:0241 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/101950
  OpenStack Nova CVE-2017-16239 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)