Search for packages
| purl | pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1 |
| Next non-vulnerable version | 2:26.2.2-1~deb12u3 |
| Latest non-vulnerable version | 2:26.2.2-1~deb12u3 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1fb2-ccby-7yfq
Aliases: CVE-2020-17376 GHSA-c7w7-9c85-4qxv PYSEC-2020-243 |
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. |
Affected by 5 other vulnerabilities. |
|
VCID-1qbm-qguj-gkem
Aliases: CVE-2017-16239 GHSA-w2wf-cgwh-vpqg |
OpenStack Nova Filter Scheduler Bypass In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. |
Affected by 9 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-2dpk-ncrc-1fcw
Aliases: CVE-2019-14433 GHSA-pg64-r7rr-phv8 PYSEC-2019-191 |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. |
Affected by 5 other vulnerabilities. |
|
VCID-br4q-499g-vqhg
Aliases: CVE-2022-47951 GHSA-7h75-hwxx-qpgc |
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. |
Affected by 5 other vulnerabilities. |
|
VCID-cwub-w9dp-wfgy
Aliases: CVE-2017-17051 GHSA-vq76-rxx3-4r4r |
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected. |
Affected by 6 other vulnerabilities. |
|
VCID-cy7p-gzf8-eqcj
Aliases: CVE-2017-18191 GHSA-ffmh-r67w-m88f |
OpenStack Nova Denial of service attack on the compute host An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. |
Affected by 6 other vulnerabilities. |
|
VCID-h6rd-5p7q-s3gq
Aliases: CVE-2024-32498 GHSA-r4v4-w9pv-6fph |
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. |
Affected by 0 other vulnerabilities. |
|
VCID-jdb7-71q5-pfcx
Aliases: CVE-2017-7214 GHSA-f4g4-cj8f-3cr9 |
OpenStack Nova logs sensitive context from notification exceptions An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. |
Affected by 9 other vulnerabilities. |
|
VCID-qfdm-g857-3yb5
Aliases: CVE-2015-9543 GHSA-22jm-4hxw-35jf |
OpenStack Nova can leak consoleauth token into log files An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`. |
Affected by 5 other vulnerabilities. |
|
VCID-s69v-tc7x-37fe
Aliases: CVE-2026-24708 GHSA-m4f3-qp2w-gwh6 |
OpenStack Nova calls qemu-img without format restrictions for resize An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5nfz-1bk3-93fe | OpenStack Nova instance migration process does not stop when instance is deleted OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. |
CVE-2015-3241
GHSA-3vx7-xff6-h2vx |
| VCID-6n3z-x4zj-4bez | OpenStack Compute (Nova) allows remote attackers to bypass intended restriction A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances. |
CVE-2015-7713
GHSA-67rh-9p29-vrxr |
| VCID-7yp4-ebnm-g3c3 | OpenStack Nova host data access through resize/migration The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. |
CVE-2016-2140
GHSA-49jv-37hm-6gfp |
| VCID-9se5-m6dx-8kcj | OpenStack Nova Potential Xen connection password leak via StorageError The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. |
CVE-2015-8749
GHSA-c36r-g737-9qp8 |
| VCID-ek6e-977t-3bew | OpenStack Compute (nova) allows remote authenticated users to cause a denial of service A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service. |
CVE-2015-3280
GHSA-mfmj-gwg3-vhw7 |
| VCID-k48d-ecqx-m3ed | openstack-nova: May fail to delete images in resize state regression |
CVE-2016-7498
|
| VCID-nb1y-cbzs-abhc | openstack-nova: Unprivileged API user can access host data using instance snapshot |
CVE-2015-7548
|
| VCID-zy9m-d25c-5uga | OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw. |
CVE-2015-5162
GHSA-g2j5-7vgx-6xrx |