Filter Scheduler Bypass in OpenStack Nova by Authenticated Users
CVE-2017-16239
6.5MEDIUM
Summary
In OpenStack Nova versions 14.0.0 to 14.0.9, 15.0.0 to 15.0.7, and 16.0.0 to 16.0.2, an authenticated user can rebuild an instance to bypass the intended filter mechanisms of the Filter Scheduler. This vulnerability allows users to circumvent critical filters such as ImagePropertiesFilter and IsolatedHostsFilter. Affected deployments should upgrade to secure versions: Nova 14.x (after 14.0.10), 15.x (after 15.0.8), or 16.x (after 16.0.3) to mitigate the risk associated with this flaw.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved