Adds OSSA-2017-005 (CVE-2017-16239)
Change-Id: Ib03875ae5b6ad95ceecf00714704ac9676ef32a7 Related-Bug: #1664931
This commit is contained in:
parent
6ef2ac429d
commit
cb43ec5959
|
@ -0,0 +1,39 @@
|
|||
date: 2017-11-14
|
||||
|
||||
id: OSSA-2017-005
|
||||
|
||||
title: Nova Filter Scheduler bypass through rebuild action
|
||||
|
||||
description: >
|
||||
George Shuklin from servers.com reported a vulnerability in Nova. By
|
||||
rebuilding an instance, an authenticated user may be able to circumvent the
|
||||
Filter Scheduler bypassing imposed filters (for example, the
|
||||
ImagePropertiesFilter or the IsolatedHostsFilter).
|
||||
All setups using Nova Filter Scheduler are affected.
|
||||
|
||||
affected-products:
|
||||
- product: nova
|
||||
version: "<=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2"
|
||||
|
||||
vulnerabilities:
|
||||
- cve-id: CVE-2017-16239
|
||||
|
||||
reporters:
|
||||
- name: George Shuklin
|
||||
affiliation: Servers.com
|
||||
reported:
|
||||
- CVE-2017-16239
|
||||
|
||||
issues:
|
||||
links:
|
||||
- https://launchpad.net/bugs/1664931
|
||||
|
||||
reviews:
|
||||
queens:
|
||||
- https://review.openstack.org/519662
|
||||
pike:
|
||||
- https://review.openstack.org/519672
|
||||
ocata:
|
||||
- https://review.openstack.org/519681
|
||||
newton:
|
||||
- https://review.openstack.org/519684
|
Loading…
Reference in New Issue