Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Nova vulnerabilities (USN-5866-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5866-1 advisory. It was discovered that Nova did not properly manage data logged into the log file. An attacker with read access to the service's...

[SECURITY] [DSA 5337-1] nova security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5337-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2023 https://www.debian.org/security/faq -...

DEBIAN-CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

GHSA-V725-C588-H936 OpenStack Nova Changing vnic_type breaks compute service restart

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

OpenStack Nova Changing vnic_type breaks compute service restart

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

Design/Logic Flaw

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

UBUNTU-CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

PT-2022-23970 · Openstack +4 · Openstack Nova +4

Name of the Vulnerable Software and Affected Versions: OpenStack Nova versions prior to 23.2.2 OpenStack Nova versions 24.x prior to 24.1.2 OpenStack Nova versions 25.x prior to 25.0.2 Description: An issue was discovered in OpenStack Nova where an authenticated user may cause the compute service...

GHSA-C7W7-9C85-4QXV OpenStack Nova Live migration fails to update persistent domain XML

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...

GHSA-22JM-4HXW-35JF OpenStack Nova can leak consoleauth token into log files

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is...

GHSA-PG64-R7RR-PHV8 OpenStack Nova Server Resource Faults Leak External Exception Details

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensiti...

GHSA-CM54-3VVF-F5P8 OpenStack Nova Arbitrary file injection/corruption through directory traversal issues

virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image...

GHSA-RWHR-H69G-8QMQ OpenStack Nova Information leak in libvirt LVM-backed instances

OpenStack Compute Nova Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume PV content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume L...

GHSA-22W9-J288-8P9W OpenStack Nova Router metadata queries are not restricted by tenant

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

GHSA-JV34-XVJQ-PPCH OpenStack Nova VMWare driver leaks rescued images

The VMWare driver in OpenStack Compute Nova 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by requesting the VM be put into rescue and then deleting the imag...

OpenStack Nova uses insecure keystone middleware tmpdir by default

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...