CVE-2021-3654

MEDIUM NUCLEI

Openstack Nova < 21.2.3 - Open Redirect

Title source: rule

Description

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Nuclei Templates (1)

Nova noVNC - Open Redirect

MEDIUMby geeknik

References (8)

[Third Party Advisory] https://security.gentoo.org/glsa/202305-02

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://bugs.launchpad.net/nova/+bug/1927677

[Patch, Third Party Advisory] https://bugs.python.org/issue32084

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1961439

[Patch, Vendor Advisory] https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66

[Patch, Vendor Advisory] https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb

[Patch, Vendor Advisory] https://security.openstack.org/ossa/OSSA-2021-002.html

[Mailing List, Patch, Third Party Advisory] https://www.openwall.com/lists/oss-security/2021/07/29/2

Scores

CVSS v3 6.1

EPSS 0.8723

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (4)

openstack/nova < 21.2.3

pypi/nova 0 - 21.2.3PyPI

redhat/openstack_platform 16.1

redhat/openstack_platform 16.2

Published Mar 02, 2022

Tracked Since Feb 18, 2026