Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openstack-nova@1:19.1.0-0.20200207070459.bf9d9e5?arch=el8ost

Type rpm

Namespace redhat

Name openstack-nova

Version 1:19.1.0-0.20200207070459.bf9d9e5

Qualifiers

arch	el8ost

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-1fb2-ccby-7yfq

vulnerability_id

VCID-1fb2-ccby-7yfq

summary

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17376

reference_id

reference_type

scores

value	0.00385
scoring_system	epss
scoring_elements	0.59774
published_at	2026-04-21T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.5979
published_at	2026-04-18T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59784
published_at	2026-04-16T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59629
published_at	2026-04-01T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59701
published_at	2026-04-02T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59695
published_at	2026-04-07T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59726
published_at	2026-04-04T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59746
published_at	2026-04-13T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59764
published_at	2026-04-12T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.5978
published_at	2026-04-11T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59761
published_at	2026-04-09T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59747
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/nova

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova

reference_url

https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff

reference_url

https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d

reference_url

https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db

reference_url

https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb

reference_url

https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml

reference_url

https://launchpad.net/bugs/1890501

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1890501

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-17376

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-17376

reference_url

https://security.openstack.org/ossa/OSSA-2020-006.html

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-006.html

reference_url

http://www.openwall.com/lists/oss-security/2020/08/25/4

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/08/25/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1869426
reference_id	1869426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1869426

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
reference_id	969052
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052

reference_url

https://github.com/advisories/GHSA-c7w7-9c85-4qxv

reference_id

GHSA-c7w7-9c85-4qxv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c7w7-9c85-4qxv

reference_url	https://access.redhat.com/errata/RHSA-2020:3702
reference_id	RHSA-2020:3702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3702

reference_url	https://access.redhat.com/errata/RHSA-2020:3704
reference_id	RHSA-2020:3704
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3704

reference_url	https://access.redhat.com/errata/RHSA-2020:3706
reference_id	RHSA-2020:3706
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3706

reference_url	https://access.redhat.com/errata/RHSA-2020:3708
reference_id	RHSA-2020:3708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3708

reference_url	https://access.redhat.com/errata/RHSA-2020:3711
reference_id	RHSA-2020:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3711

reference_url	https://usn.ubuntu.com/5866-1/
reference_id	USN-5866-1
reference_type
scores
url	https://usn.ubuntu.com/5866-1/

fixed_packages

aliases

CVE-2020-17376, GHSA-c7w7-9c85-4qxv, PYSEC-2020-243

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1fb2-ccby-7yfq

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@1:19.1.0-0.20200207070459.bf9d9e5%3Farch=el8ost

Package Instance