CVE-2020-17376

CWE-611XML External Entity (XXE)CWE-200Information Exposure9 documents8 sources
Severity
8.3HIGH
EPSS
0.4%
top 40.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedAug 26
Latest updateFeb 13

Description

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployment

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages3 packages

NVDopenstack/nova20.0.020.3.1+2
PyPInova20.0.020.3.1+1
Debiannova< 2:21.1.0-1+3

Patches

Patch: www.openwall.comPatch: security.openstack.orgPatch: www.openwall.com

🔴Vulnerability Details

4
OSV
OpenStack Nova Live migration fails to update persistent domain XML2022-05-24
GHSA
OpenStack Nova Live migration fails to update persistent domain XML2022-05-24
CVEList
CVE-2020-17376: An issue was discovered in Guest2020-08-26
OSV
CVE-2020-17376: An issue was discovered in Guest2020-08-26

📋Vendor Advisories

3
Ubuntu
Nova vulnerabilities2023-02-13
Red Hat
openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML2020-08-25
Debian
CVE-2020-17376: nova - An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack N...2020

💬Community

1
Bugzilla
CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML2020-08-17