Nova@* Security Vulnerabilities and Issues — Nova@* CVE List

OpenstackNova*

8 matches found

CVE•added 2022/03/02 12:0 a.m.•203 views

CVE-2021-3654

The CVE-2021-3654 issue affects openstack-nova’s console proxy, noVNC, where crafting a malicious URL can trigger an open redirect to an attacker-controlled site. This could enable users to be redirected to a malicious page, potentially exposing sensitive information or enabling further actions. ...

6.1CVSS6.1AI score0.87177EPSS

CVE•added 2019/08/09 6:21 p.m.•162 views

CVE-2019-14433

The CVE-2019-14433 issue affects OpenStack Nova (versions before 17.0.12, 18.x before 18.2.2, 19.x before 19.0.2). It allows authenticated API requests that fault to leak environment details in responses, potentially exposing sensitive configuration data (partial confidentiality impact). Red Hat ...

6.5CVSS6.1AI score0.01301EPSS

CVE•added 2023/01/26 12:0 a.m.•131 views

CVE-2022-47951

CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...

5.7CVSS5.1AI score0.00615EPSS

CVE•added 2020/08/26 6:45 p.m.•114 views

CVE-2020-17376

CVE-2020-17376 : In OpenStack Nova, a vulnerability in Guest.migrate (virt/libvirt/guest.py) allows a user to access destination-host devices that share paths with source-host devices after performing a soft reboot of an instance that has previously undergone live migration. Affected are OpenStac...

8.3CVSS8.1AI score0.00385EPSS

CVE•added 2022/08/03 6:43 a.m.•110 views

CVE-2022-37394

CVE-2022-37394 (OpenStack Nova) : An issue in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2 allows an authenticated user to cause a compute service denial of service. The attack sequence is: create a Neutron port with the direct vnic_type, create an instance bound to th...

3.3CVSS3.9AI score0.00266EPSS

CVE•added 2024/07/05 12:0 a.m.•99 views

CVE-2024-32498

CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...

6.5CVSS6.3AI score0.00214EPSS

CVE•added 2020/02/19 2:11 a.m.•98 views

CVE-2015-9543

OpenStack Nova up to 18.2.4, 19.x up to 19.1.0, and 20.x up to 20.1.0 is vulnerable to leaking consoleauth tokens into log files when using novncproxy. The issue is tied to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. A user with read access to the service logs c...

3.3CVSS3.9AI score0.00083EPSS

CVE•added 2024/07/24 12:0 a.m.•95 views

CVE-2024-40767

CVE-2024-40767 affects OpenStack Nova: before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, where supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path can cause the server to return the contents of the refe...

6.5CVSS6.5AI score0.00835EPSS