CVE-2017-16239
MEDIUMOpenStack Nova <14.0.9, <15.0.7, <16.0.2 - Privilege Escalation
Title source: llmDescription
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101950
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0369
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0241
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-4056
Issue Tracking x_refsource_confirm
https://launchpad.net/bugs/1664931
Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2017-005.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0314
Scores
CVSS v3
6.5
EPSS
0.0039
EPSS Percentile
59.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (13)
openstack/nova
15.0.0
openstack/nova
15.0.1
openstack/nova
15.0.2
openstack/nova
15.0.3
openstack/nova
15.0.4
openstack/nova
15.0.5
openstack/nova
15.0.6
openstack/nova
15.0.7
openstack/nova
16.0.0
openstack/nova
16.0.1
... and 3 more
Published
Nov 14, 2017
Tracked Since
Feb 18, 2026