Lucene search
Veracode Vulnerability DatabaseVERACODE:26503HistoryAug 27, 2020 - 3:57 a.m.
Authorization Bypass
2020-08-2703:57:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
authorization bypass
nova
block device
vulnerability
cinder volumes
destination host devices
EPSS
0.002
Percentile
54.1%
nova is vulnerable to authorization bypass. The vulnerability exists as it was possible to include block devices that maps to different Cinder volumes from the source, allowing access to destination host devices that share the same paths as the previous host devices.
References
www.openwall.com/lists/oss-security/2020/08/25/4
github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
launchpad.net/bugs/1890501
review.opendev.org/#/c/747978/
seclists.org/oss-sec/2020/q3/137
security.openstack.org/ossa/OSSA-2020-006.html
www.openwall.com/lists/oss-security/2020/08/25/4
Related
github
github
OpenStack Nova Live migration fails to update persistent domain XML
2022-05-24 17:26:41
osv
osv
PYSEC-2020-243
2020-08-26 19:15:00
CVE-2020-17376
2020-08-26 19:15:14
nova vulnerabilities
2023-02-13 10:41:19
nessus
nessus
RHEL 8 : openstack-nova (RHSA-2020:3702)
2020-09-10 00:00:00
RHEL 8 : openstack-nova (RHSA-2020:3704)
2020-09-10 00:00:00
RHEL 8 : openstack-nova (RHSA-2020:3706)
2020-09-10 00:00:00
redhatcve
redhatcve
CVE-2020-17376
2020-08-25 15:34:10
cve
cve
CVE-2020-17376
2020-08-26 19:15:14
redhat
redhat
(RHSA-2020:3704) Important: openstack-nova security update
2020-09-10 05:00:03
(RHSA-2020:3706) Important: openstack-nova security update
2020-09-10 06:39:05
(RHSA-2020:3711) Important: openstack-nova security update
2020-09-10 07:59:42
ubuntucve
ubuntucve
CVE-2020-17376
2020-08-26 00:00:00
prion
prion
Design/Logic Flaw
2020-08-26 19:15:00
cvelist
cvelist
CVE-2020-17376
2020-08-26 18:45:28
nvd
nvd
CVE-2020-17376
2020-08-26 19:15:14
debiancve
debiancve
CVE-2020-17376
2020-08-26 19:15:14
ubuntu
ubuntu
Nova vulnerabilities
2023-02-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5866-1)
2023-02-14 00:00:00