ID CVE-2017-16239
Summary In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:nova:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:alpha0:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:13.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:14.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2018:0241
  • rhsa
    id RHSA-2018:0314
  • rhsa
    id RHSA-2018:0369
rpms
  • openstack-nova-1:16.0.2-9.el7ost
  • openstack-nova-api-1:16.0.2-9.el7ost
  • openstack-nova-cells-1:16.0.2-9.el7ost
  • openstack-nova-common-1:16.0.2-9.el7ost
  • openstack-nova-compute-1:16.0.2-9.el7ost
  • openstack-nova-conductor-1:16.0.2-9.el7ost
  • openstack-nova-console-1:16.0.2-9.el7ost
  • openstack-nova-migration-1:16.0.2-9.el7ost
  • openstack-nova-network-1:16.0.2-9.el7ost
  • openstack-nova-novncproxy-1:16.0.2-9.el7ost
  • openstack-nova-placement-api-1:16.0.2-9.el7ost
  • openstack-nova-scheduler-1:16.0.2-9.el7ost
  • openstack-nova-serialproxy-1:16.0.2-9.el7ost
  • openstack-nova-spicehtml5proxy-1:16.0.2-9.el7ost
  • python-nova-1:16.0.2-9.el7ost
  • python-nova-tests-1:16.0.2-9.el7ost
  • openstack-nova-1:15.0.8-5.el7ost
  • openstack-nova-api-1:15.0.8-5.el7ost
  • openstack-nova-cells-1:15.0.8-5.el7ost
  • openstack-nova-cert-1:15.0.8-5.el7ost
  • openstack-nova-common-1:15.0.8-5.el7ost
  • openstack-nova-compute-1:15.0.8-5.el7ost
  • openstack-nova-conductor-1:15.0.8-5.el7ost
  • openstack-nova-console-1:15.0.8-5.el7ost
  • openstack-nova-migration-1:15.0.8-5.el7ost
  • openstack-nova-network-1:15.0.8-5.el7ost
  • openstack-nova-novncproxy-1:15.0.8-5.el7ost
  • openstack-nova-placement-api-1:15.0.8-5.el7ost
  • openstack-nova-scheduler-1:15.0.8-5.el7ost
  • openstack-nova-serialproxy-1:15.0.8-5.el7ost
  • openstack-nova-spicehtml5proxy-1:15.0.8-5.el7ost
  • python-nova-1:15.0.8-5.el7ost
  • python-nova-tests-1:15.0.8-5.el7ost
  • openstack-nova-1:14.1.0-3.el7ost
  • openstack-nova-api-1:14.1.0-3.el7ost
  • openstack-nova-cells-1:14.1.0-3.el7ost
  • openstack-nova-cert-1:14.1.0-3.el7ost
  • openstack-nova-common-1:14.1.0-3.el7ost
  • openstack-nova-compute-1:14.1.0-3.el7ost
  • openstack-nova-conductor-1:14.1.0-3.el7ost
  • openstack-nova-console-1:14.1.0-3.el7ost
  • openstack-nova-migration-1:14.1.0-3.el7ost
  • openstack-nova-network-1:14.1.0-3.el7ost
  • openstack-nova-novncproxy-1:14.1.0-3.el7ost
  • openstack-nova-placement-api-1:14.1.0-3.el7ost
  • openstack-nova-scheduler-1:14.1.0-3.el7ost
  • openstack-nova-serialproxy-1:14.1.0-3.el7ost
  • openstack-nova-spicehtml5proxy-1:14.1.0-3.el7ost
  • python-nova-1:14.1.0-3.el7ost
  • python-nova-tests-1:14.1.0-3.el7ost
  • python-novaclient-1:6.0.2-2.el7ost
refmap via4
bid 101950
confirm
debian DSA-4056
Last major update 03-10-2019 - 00:03
Published 14-11-2017 - 17:29
Last modified 03-10-2019 - 00:03