CVE-2021-3654
MEDIUM NUCLEIOpenStack Nova < 21.2.3 - Open Redirect via noVNC Console Proxy
Title source: llmExploitation Summary
CVE-2021-3654 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Nuclei Templates (1)
Nova noVNC - Open Redirect
MEDIUMby geeknik
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-02
Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugs.launchpad.net/nova/+bug/1927677
Patch, Third Party Advisory
https://bugs.python.org/issue32084
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1961439
Patch, Vendor Advisory
https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
Patch, Vendor Advisory
https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb
Patch, Vendor Advisory
https://security.openstack.org/ossa/OSSA-2021-002.html
Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/07/29/2
Scores
CVSS v3
6.1
EPSS
0.2746
EPSS Percentile
97.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (4)
openstack/nova
< 21.2.3
pypi/nova
0 - 21.2.3PyPI
redhat/openstack_platform
16.1
redhat/openstack_platform
16.2
Published
Mar 02, 2022
Tracked Since
Feb 18, 2026