Vulnerability in OpenStack Nova Affects Encrypted Volume Management
CVE-2017-18191
7.5 HIGH
Summary
A flaw exists in OpenStack Nova versions 15.x up to 15.1.0 and 16.x up to 16.1.1, where detaching and reattaching an encrypted volume can result in unauthorized access to the underlying raw volume. This exposes the LUKS header to potential corruption, which can lead to a denial of service on the compute host. All configurations of Nova that utilize encrypted volumes are impacted, and attackers can potentially use the flaw to disrupt services.
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved