Information Disclosure
openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as an issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may...
Arbitrary File Read
openstack-nova is vulnerable to arbitrary file read attacks. The vulnerability exists as the libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service. The VM instances performed look-ups based on an IP address filter that is not properly processed, allowing an attacker with sufficient privileges in the OpenStack installation with a large amount of VMs to cause excessive CPU consumption in the...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the VMware driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue...
Authorization Bypass
openstack-nova is vulnerable to authorization bypass attacks. The vulnerability exists through a race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products all...
Bruteforce Attack
openstack-nova is vulnerable to brute-force attacks. The vulnerability exists as api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instanc...
Information Disclosure
openstack-nova is vulnerable to information disclosure. When using libvirt and LVM backed instances, the contents of the physical volume (PV) are not properly wiped before the volume is returned to the system for use again, which could lead to the new instance being able to access confidential file...
Information Disclosure
openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists in the instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users ...
Authorization Bypass
openstack-nova allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...
openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
OpenStack Nova has a vulnerability in the handling of encrypted volumes. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. All Nova installations supporting...
Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2015-7548, CVE-2015-8749, CVE-2015-1850)
Summary IBM Cloud Manager with OpenStack is vulnerable to several OpenStack Nova vulnerabilities, which could allow a local authenticated attacker or a remote attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2015-8749 DESCRIPTION: OpenStack Nova could allow a remote attack...
Security Bulletin: IBM Cloud Manager with OpenStack is affected by an OpenStack Nova vulnerability
Summary A security vulnerability has been identified in OpenStack Nova that is used by IBM Cloud Manager with OpenStack. This vulnerability only affects the IBM Cloud Manager with OpenStack version that ships the kilo version of OpenStack. IBM Cloud Manager with OpenStack has addressed these...
Security Bulletin: OpenStack Nova vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2016-2140)
Summary IBM Cloud Manager with OpenStack is vulnerable to an OpenStack Nova vulnerability. An attacker could exploit this vulnerability to obtain sensitive information by a host data leak in resize/migration. Vulnerability Details CVEID: CVE-2016-2140 DESCRIPTION: OpenStack Nova could allow a...
Security Bulletin: OpenStack Nova vulnerability affects IBM Cloud Manager with OpenStack (CVE-2017-7214)
Summary IBM Cloud Manager has addressed a vulnerability in OpenStack Nova. Vulnerability Details CVE-ID: CVE-2017-7214 DESCRIPTION: OpenStack Nova could allow a remote attacker to obtain sensitive information, caused by a flaw in exception_wrapper.py. By viewing ERROR level logs, an attacker cou...
Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239)
Summary OpenStack Nova could allow a remote authenticated attacker to bypass security restrictions. By rebuilding an instance, an attacker could exploit this vulnerability to achieve Filter Scheduler bypass. Vulnerability Details CVE-ID: CVE-2017-16239 Description: OpenStack Nova could allow a...
Security Bulletin: IBM PowerVC is affected by vulnerability in OpenStack Nova (CVE-2017-7214)
Summary OpenStack Nova could allow an attacker to obtain sensitive information from logs. Vulnerability Details CVEID: CVE-2017-7214 DESCRIPTION: Legacy notification exception contexts appearing in OpenStack Nova's ERROR level logs may include sensitive information such as account passwords and...
Security Bulletin: IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerabilities (CVE-2015-1850, CVE-2015-7548)
Summary IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerabilities (CVE-2015-1850, CVE-2015-7548). Vulnerability Details CVEID: CVE-2015-1850 DESCRIPTION: OpenStack Nova could allow a local attacker to obtain sensitive information, caused by the failure to provide input format t...