Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/14664?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14664?format=api", "vulnerability_id": "VCID-1qbm-qguj-gkem", "summary": "OpenStack Nova Filter Scheduler Bypass\nIn OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.", "aliases": [ { "alias": "CVE-2017-16239" }, { "alias": "GHSA-w2wf-cgwh-vpqg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037214?format=api", "purl": "pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/932897?format=api", "purl": "pkg:deb/debian/nova@2:16.0.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052087?format=api", "purl": "pkg:deb/debian/nova@2:18.1.0-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6" }, { "url": "http://public2.vulnerablecode.io/api/packages/932857?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932855?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932860?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932858?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932859?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000461?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1041985?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066837?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088711?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037211?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5w9q-vw2n-zfdu" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7wvt-bvww-g7ck" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-az4e-wgmd-gyc3" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hcsa-vfvp-buax" }, { "vulnerability": "VCID-hgk8-jtvw-9fgb" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-jdn1-d4d3-sud7" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-kncr-vrmh-fygm" }, { "vulnerability": "VCID-kqbu-drg3-fycm" }, { "vulnerability": "VCID-n6d6-1kyd-qufe" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-q246-vzd6-3qfb" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-qe1w-wnfu-mudr" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-qnhs-qv3p-myg2" }, { "vulnerability": "VCID-r558-z5xb-v3a8" }, { "vulnerability": "VCID-rvp9-etcr-wycj" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-t2sh-b3m5-vyax" }, { "vulnerability": "VCID-v47b-k4qx-h7a2" }, { "vulnerability": "VCID-vena-h39k-v3fe" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" }, { "vulnerability": "VCID-y8va-eyt2-3kfv" }, { "vulnerability": "VCID-ykzj-fz7y-eug8" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-18" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037214?format=api", "purl": "pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51544?format=api", "purl": "pkg:pypi/nova@14.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@14.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/50709?format=api", "purl": "pkg:pypi/nova@15.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/50710?format=api", "purl": "pkg:pypi/nova@16.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@16.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110756?format=api", "purl": "pkg:rpm/redhat/openstack-nova@1:14.1.0-3?arch=el7ost", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qbm-qguj-gkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@1:14.1.0-3%3Farch=el7ost" }, { "url": "http://public2.vulnerablecode.io/api/packages/110755?format=api", "purl": "pkg:rpm/redhat/openstack-nova@1:15.0.8-5?arch=el7ost", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qbm-qguj-gkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@1:15.0.8-5%3Farch=el7ost" }, { "url": "http://public2.vulnerablecode.io/api/packages/110758?format=api", "purl": "pkg:rpm/redhat/openstack-nova@1:16.0.2-9?arch=el7ost", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qbm-qguj-gkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@1:16.0.2-9%3Farch=el7ost" }, { "url": "http://public2.vulnerablecode.io/api/packages/110757?format=api", "purl": "pkg:rpm/redhat/python-novaclient@1:6.0.2-2?arch=el7ost", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qbm-qguj-gkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-novaclient@1:6.0.2-2%3Farch=el7ost" } ], "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0241", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0314", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0369", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0369" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59762", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59758", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59788", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59804", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59779", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59761", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59642", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59882", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59818", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59791", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59773", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59725", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:N/A:P" }, { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30" }, { "reference_url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34" }, { "reference_url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833" }, { "reference_url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a" }, { "reference_url": "https://launchpad.net/bugs/1664931", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1664931" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2017-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2017-005.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4056", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-4056" }, { "reference_url": "http://www.securityfocus.com/bid/101950", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/101950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508539", "reference_id": "1508539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009", "reference_id": "882009", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239", "reference_id": "CVE-2017-16239", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239" }, { "reference_url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg", "reference_id": "GHSA-w2wf-cgwh-vpqg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg" } ], "weaknesses": [ { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 841, "name": "Improper Enforcement of Behavioral Workflow", "description": "The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence." } ], "exploits": [], "severity_range_score": "3.6 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qbm-qguj-gkem" }