nova is vulnerable to authorization bypass. The vulnerability exists as it was possible to include block devices that maps to different Cinder volumes from the source, allowing access to destination host devices that share the same paths as the previous host devices.
www.openwall.com/lists/oss-security/2020/08/25/4
github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
launchpad.net/bugs/1890501
review.opendev.org/#/c/747978/
seclists.org/oss-sec/2020/q3/137
security.openstack.org/ossa/OSSA-2020-006.html
www.openwall.com/lists/oss-security/2020/08/25/4