OpenStack Nova vulnerabilities
66 known vulnerabilities affecting openstack/nova.
Total CVEs: 66
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 41, LOW 13
Vulnerabilities
Page 3 of 4
CVE-2014-3517 | P4 | MEDIUM | CVSS 4.3 | ≥ 2013.2, ≤ 2013.2.4; ≥ 2014.1, < 2014.1.2; +1 more | 2014-08-07
CVE-2014-3517 [MEDIUM] CWE-200
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
Sources: GHSA, NVD, OSV

CVE-2013-4278 | P4 | MEDIUM | CVSS 6.0 | ≥ 0, < 12.0.0a0 | 2022-05-17
CVE-2013-4278 [MEDIUM] OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
Sources: GHSA, OSV

CVE-2013-6491 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 2013.2.3-1 | 2014-02-02
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
Sources: OSV

CVE-2014-3708 | P4 | MEDIUM | CVSS 4.0 | ≥ 2014.1, < 2014.1.4; ≥ 2014.2, < 2014.2.1 | 2014-10-31
CVE-2014-3708 [MEDIUM] CWE-399
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
Sources: GHSA, NVD, OSV

CVE-2013-4185 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 12.0.0a0 | 2022-05-14
CVE-2013-4185 [MEDIUM] OpenStack Nova Denial of Service in network source security groups
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a
Sources: GHSA, OSV

CVE-2013-4179 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 2013.2 | 2022-05-17
CVE-2013-4179 [MEDIUM] CWE-119 OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CV
Sources: GHSA, OSV

CVE-2012-5625 | P4 | MEDIUM | ≥ 0, < 12.0.0a0 | 2022-05-17
CVE-2012-5625 [MEDIUM] CWE-200 OpenStack Nova Information leak in libvirt LVM-backed instances
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
Sources: GHSA, OSV

CVE-2013-1838 | P4 | HIGH | CVSS 4.0 | ≥ 0, < 12.0.0a0 | 2022-05-17
CVE-2013-1838 [HIGH] CWE-770 OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls
Sources: GHSA, OSV

CVE-2015-2687 | P4 | MEDIUM | CVSS 4.7 | ≥ 0, < 15.0.0.0b1 | 2022-05-17
CVE-2015-2687 [MEDIUM] CWE-284 OpenStack Compute (Nova) Improper Access Control
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
Sources: GHSA, OSV

CVE-2013-6437 | P4 | MEDIUM | CVSS 4.0 | ≥ 2013.1, < 2013.1.5; ≥ 2013.2, < 2013.2.2; +1 more | 2014-03-06
CVE-2013-6437 [MEDIUM] CWE-399
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
Sources: GHSA, NVD, OSV

CVE-2014-8333 | P4 | MEDIUM | CVSS 4.0 | ≥ 2014.1, < 2014.1.4 | 2014-10-31
CVE-2014-8333 [MEDIUM] CWE-399
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
Sources: GHSA, NVD, OSV

CVE-2013-4261 | P4 | LOW | CVSS 3.5 | ≥ 0, < 2013.2-1 | 2013-10-29
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings t
Sources: OSV

CVE-2014-0134 | P4 | LOW | CVSS 3.5 | ≥ 0, < 12.0.0a0 | 2022-05-17
CVE-2014-0134 [LOW] CWE-200 OpenStack Nova host data leak to vm instance in rescue mode
The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.
Sources: GHSA, OSV

CVE-2012-1585 | P4 | MEDIUM | CVSS 4.0 | ≥ 2011.1, < 2011.3 | 2012-08-17
CVE-2012-1585 [MEDIUM] CWE-399
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.
Sources: GHSA, NVD, OSV

CVE-2012-3371 | P4 | LOW | CVSS 3.5 | ≥ 0, < 12.0.0a0 | 2022-05-17
CVE-2012-3371 [LOW] CWE-20 OpenStack Nova Scheduler denial of service through scheduler_hints
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
Sources: GHSA, OSV

CVE-2012-2101 | P4 | LOW | CVSS 3.5 | v2011.3; v2012.1; +1 more | 2012-06-07
CVE-2012-2101 [LOW] CWE-264
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
Sources: GHSA, NVD, OSV

CVE-2015-9543 | P4 | LOW | CVSS 3.3 | fixed in 18.2.4; ≥ 19.0.0, < 19.1.0; +1 more | 2020-02-19
CVE-2015-9543 [LOW] CWE-200
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client
Sources: GHSA, NVD, OSV

CVE-2014-3608 | P4 | LOW | CVSS 2.7 | ≥ 2013.2, ≤ 2013.2.4; ≥ 2014.1, < 2014.1.3 | 2014-10-06
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-201
Sources: GHSA, NVD, OSV

CVE-2014-2573 | P4 | HIGH | CVSS 2.3 | ≥ 0, < 12.0.0a0 | 2022-05-17
CVE-2014-2573 [HIGH] CWE-770 OpenStack Nova VMWare driver leaks rescued images
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
Sources: GHSA, OSV

CVE-2022-37394 | P4 | LOW | CVSS 3.3 | fixed in 23.2.2; ≥ 24.0.0, < 24.1.2; +1 more | 2022-08-03
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial o
Sources: GHSA, NVD, OSV