Latest openstack nova Vulnerabilities

● CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0....

OpenStack Cinder<=19.1.2

OpenStack Cinder>=20.0.0<20.0.2

OpenStack Glance<23.0.1

OpenStack Glance>=24.0.0<24.1.1

OpenStack Nova<24.1.2

OpenStack Nova>=25.0.0<25.0.2

and 5 more

● CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and ...

OpenStack Nova<23.2.2

OpenStack Nova>=24.0.0<24.1.2

OpenStack Nova>=25.0.0<25.0.2

● CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

OpenStack Nova<21.2.3

OpenStack Nova>=22.0.0<22.2.3

OpenStack Nova>=23.0.0<23.0.3

Redhat Openstack Platform=16.1

Redhat Openstack Platform=16.2

redhat/nova<21.2.3

and 2 more

● CVE-2020-17376

An issue was discovered in Guest.migrate in `virt/libvirt/guest.py` in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously unde...

OpenStack Nova<19.3.1

OpenStack Nova>=20.0.0<20.3.1

OpenStack Nova=21.0.0

pip/nova=21.0.0

pip/nova>=20.0.0<20.3.1

pip/nova<19.3.1

● CVE-2015-9543

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs m...

OpenStack Nova<18.2.4

OpenStack Nova>=19.0.0<19.1.0

OpenStack Nova>=20.0.0<20.1.0

● CVE-2013-0326

OpenStack nova base images permissions are world readable

OpenStack Nova

Debian Debian Linux=8.0

Debian Debian Linux=9.0

Debian Debian Linux=10.0

debian/nova<=2:18.1.0-6<=2:18.1.0-6+deb10u2<=2:22.0.1-2+deb11u1<=2:26.1.0-4<=2:28.0.0-2

● CVE-2019-14433

A vulnerability was found in Nova Compute resource fault handling. If an API request from an authenticateduser ends in a fault condition due to an external exception, details of the underlying environ...

OpenStack Nova<17.0.12

OpenStack Nova>=18.0.0<18.2.2

OpenStack Nova>=19.0.0<19.0.2

Canonical Ubuntu Linux=16.04

Canonical Ubuntu Linux=18.04

Canonical Ubuntu Linux=19.04

and 11 more

● CVE-2011-3147

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.

OpenStack Nova>=2010.1<2012.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.