Browse Source

Adds OSSA-2017-005 (CVE-2017-16239)

Change-Id: Ib03875ae5b6ad95ceecf00714704ac9676ef32a7
Related-Bug: #1664931
Tristan Cacqueray 1 year ago
parent
commit
cb43ec5959
1 changed files with 39 additions and 0 deletions
  1. 39
    0
      ossa/OSSA-2017-005.yaml

+ 39
- 0
ossa/OSSA-2017-005.yaml View File

@@ -0,0 +1,39 @@
1
+date: 2017-11-14
2
+
3
+id: OSSA-2017-005
4
+
5
+title: Nova Filter Scheduler bypass through rebuild action
6
+
7
+description: >
8
+  George Shuklin from servers.com reported a vulnerability in Nova. By
9
+  rebuilding an instance, an authenticated user may be able to circumvent the
10
+  Filter Scheduler bypassing imposed filters (for example, the
11
+  ImagePropertiesFilter or the IsolatedHostsFilter).
12
+  All setups using Nova Filter Scheduler are affected.
13
+
14
+affected-products:
15
+  - product: nova
16
+    version: "<=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2"
17
+
18
+vulnerabilities:
19
+  - cve-id: CVE-2017-16239
20
+
21
+reporters:
22
+  - name: George Shuklin
23
+    affiliation: Servers.com
24
+    reported:
25
+      - CVE-2017-16239
26
+
27
+issues:
28
+  links:
29
+    - https://launchpad.net/bugs/1664931
30
+
31
+reviews:
32
+  queens:
33
+    - https://review.openstack.org/519662
34
+  pike:
35
+    - https://review.openstack.org/519672
36
+  ocata:
37
+    - https://review.openstack.org/519681
38
+  newton:
39
+    - https://review.openstack.org/519684

Loading…
Cancel
Save