Filter Scheduler Bypass in OpenStack Nova by Authenticated Users
CVE-2017-16239

6.5MEDIUM

Key Information:

Vendor

Openstack
Status
Nova
Vendor
CVE Published:
14 November 2017

What is CVE-2017-16239?

In OpenStack Nova versions 14.0.0 to 14.0.9, 15.0.0 to 15.0.7, and 16.0.0 to 16.0.2, an authenticated user can rebuild an instance to bypass the intended filter mechanisms of the Filter Scheduler. This vulnerability allows users to circumvent critical filters such as ImagePropertiesFilter and IsolatedHostsFilter. Affected deployments should upgrade to secure versions: Nova 14.x (after 14.0.10), 15.x (after 15.0.8), or 16.x (after 16.0.3) to mitigate the risk associated with this flaw.

References

http://www.securityfocus.com/bid/101950
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0369
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0241
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.