OpenStack Nova vulnerabilities
66 known vulnerabilities affecting openstack/nova.
Total CVEs: 66
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 41, LOW 13
Vulnerabilities
Page 2 of 4
CVE-2011-4596 | P4 | MEDIUM | CVSS 6.0 | CWE-22 | ≥ 2011.3, < 2011.3.1 | 2011-12-23
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
ghsa, nvd, osv
CVE-2011-4076 | P4 | MEDIUM | CVSS 5.9 | CWE-200 | ≥ 2010.1, < 2012.1 | 2019-11-26
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force
ghsa, nvd, osv
CVE-2015-7713 | P4 | MEDIUM | CVSS 5.0 | CWE-254 | ≥ 2014.2, < 2014.2.4; ≥ 2015.1.0, < 2015.1.2 | 2015-10-29
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
ghsa, nvd, osv
CVE-2022-47951 | P4 | MEDIUM | CVSS 5.7 | CWE-22 | fixed in 24.1.2; ≥ 25.0.0, < 25.0.2 | 2023-01-26
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a c
ghsa, nvd, osv
CVE-2016-7498 | P4 | MEDIUM | CVSS 6.8 | ≥ 0, < 2:13.1.0-1 | 2016-09-27
OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.
osv
CVE-2015-8749 | P4 | MEDIUM | CVSS 5.9 | CWE-200 | ≥ 12.0.0, < 12.0.1; ≥ 2015.1.0, < 2015.1.3 | 2016-01-15
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
ghsa, nvd, osv
CVE-2013-2256 | P4 | MEDIUM | CVSS 6.0 | CWE-264 | ≥ 2013.1, < 2013.1.3; v2013.2 | 2013-09-16
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
ghsa, nvd, osv
CVE-2012-3360 | P4 | MEDIUM | CVSS 5.5 | CWE-22 | ≥ 0, < 12.0.0a0 | 2022-05-17
OpenStack Nova Directory traversal vulnerability
Directory traversal vulnerability in `virt/disk/api.py` in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
ghsa, osv
CVE-2015-3241 | P4 | MEDIUM | CVSS 6.8 | CWE-399 | ≥ 2014.2, ≤ 2014.2.3; ≥ 2015.1.0, ≤ 2015.1.1 | 2015-09-08
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
ghsa, nvd, osv
CVE-2015-3280 | P4 | MEDIUM | CVSS 6.8 | CWE-399 | ≥ 2014.2, < 2014.2.4; ≥ 2015.1.0, < 2015.1.2 | 2015-10-26
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
ghsa, nvd, osv
CVE-2013-0208 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 2012.1.1-12 | 2013-02-13
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
osv
CVE-2012-3361 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 12.0.0a0 | 2022-05-17
OpenStack Nova Arbitrary file injection/corruption through directory traversal issues
`virt/disk/api.py` in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
ghsa, osv
CVE-2015-0259 | P4 | MEDIUM | CVSS 5.1 | CWE-345 | ≥ 2014.1, < 2014.1.4; ≥ 2014.2, < 2014.2.3; +1 more | 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
ghsa, nvd, osv
CVE-2012-3447 | P4 | MEDIUM | CVSS 4.9 | v2012.1 | 2012-08-20
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.
ghsa, nvd, osv
CVE-2013-1664 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 2012.1.1-13 | 2013-04-03
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
osv
CVE-2012-0030 | P4 | MEDIUM | CVSS 4.9 | CWE-264 | v2011.3 | 2012-01-13
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
nvd, osv
CVE-2012-2654 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | ≥ 0, < 12.0.0a0 | 2022-05-17
OpenStack Compute (Nova) Improper Input Validation
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
ghsa, osv
CVE-2013-6419 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | ≥ 0, < 12.0.0a0 | 2022-05-17
OpenStack Nova Router metadata queries are not restricted by tenant
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and
ghsa, osv
CVE-2013-1068 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 2014.1.1-4 | 2014-06-19
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and OpenStack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulner
osv
CVE-2015-7548 | P4 | LOW | CVSS 3.5 | CWE-200 | ≥ 12.0.0, < 12.0.1; ≥ 2015.1.0, < 2015.1.3 | 2016-01-12
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
nvd, osv