CVE-2017-16239

CWE-841CWE-400Uncontrolled Resource Consumption12 documents7 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 40.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedNov 14
Latest updateMay 13

Description

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDopenstack/nova14.0.9+11
PyPInova16.0.016.0.3+2
Debiannova< 2:16.0.3-1+3

🔴Vulnerability Details

5
GHSA
OpenStack Nova Filter Scheduler Bypass2022-05-13
OSV
OpenStack Nova Filter Scheduler Bypass2022-05-13
GHSA
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times2022-05-13
CVEList
CVE-2017-16239: In OpenStack Nova through 142017-11-14
OSV
CVE-2017-16239: In OpenStack Nova through 142017-11-14

📋Vendor Advisories

3
Red Hat
openstack-nova: Nova FilterScheduler doubles resource allocations during rebuild with new image2017-12-05
Red Hat
openstack-nova: Nova Filter Scheduler bypass through rebuild action2017-11-14
Debian
CVE-2017-16239: nova - In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, ...2017

💬Community

3
Bugzilla
CVE-2017-17051 openstack-nova: Nova FilterScheduler doubles resource allocations during rebuild with new image2017-11-30
Bugzilla
CVE-2017-16239 openstack-nova: Nova Filter Scheduler bypass through rebuild action [openstack-rdo]2017-11-14
Bugzilla
CVE-2017-16239 openstack-nova: Nova Filter Scheduler bypass through rebuild action2017-11-01
CVE-2017-16239 (MEDIUM CVSS 6.5) | In OpenStack Nova through 14.0.9 | cvebase.io