Search for packages
| purl | pkg:deb/debian/nova@2:18.1.0-6 |
| Next non-vulnerable version | 2:26.2.2-1~deb12u3 |
| Latest non-vulnerable version | 2:26.2.2-1~deb12u3 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1fb2-ccby-7yfq
Aliases: CVE-2020-17376 GHSA-c7w7-9c85-4qxv PYSEC-2020-243 |
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. |
Affected by 5 other vulnerabilities. |
|
VCID-2dpk-ncrc-1fcw
Aliases: CVE-2019-14433 GHSA-pg64-r7rr-phv8 PYSEC-2019-191 |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. |
Affected by 5 other vulnerabilities. |
|
VCID-br4q-499g-vqhg
Aliases: CVE-2022-47951 GHSA-7h75-hwxx-qpgc |
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. |
Affected by 5 other vulnerabilities. |
|
VCID-h6rd-5p7q-s3gq
Aliases: CVE-2024-32498 GHSA-r4v4-w9pv-6fph |
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. |
Affected by 0 other vulnerabilities. |
|
VCID-qfdm-g857-3yb5
Aliases: CVE-2015-9543 GHSA-22jm-4hxw-35jf |
OpenStack Nova can leak consoleauth token into log files An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`. |
Affected by 5 other vulnerabilities. |
|
VCID-s69v-tc7x-37fe
Aliases: CVE-2026-24708 GHSA-m4f3-qp2w-gwh6 |
OpenStack Nova calls qemu-img without format restrictions for resize An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1qbm-qguj-gkem | OpenStack Nova Filter Scheduler Bypass In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. |
CVE-2017-16239
GHSA-w2wf-cgwh-vpqg |
| VCID-cwub-w9dp-wfgy | OpenStack Nova DoS by rebuilding the same instance with a new image multiple times An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected. |
CVE-2017-17051
GHSA-vq76-rxx3-4r4r |
| VCID-cy7p-gzf8-eqcj | OpenStack Nova Denial of service attack on the compute host An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. |
CVE-2017-18191
GHSA-ffmh-r67w-m88f |