CVE 2017-16239
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImageProperties
Related bugs and status
CVE-2017-16239 (Candidate) is related to these bugs:
Bug #1664931: [OSSA-2017-005] nova rebuild ignores all image properties and scheduler filters (CVE-2017-16239)
Bug #1732976: [OSSA-2017-006] Potential DoS by rebuilding the same instance with a new image multiple times (CVE-2017-17051)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1732976 | [OSSA-2017-006] Potential DoS by rebuilding the same instance with a new image multiple times (CVE-2017-17051) | OpenStack Compute (nova) | High | Fix Released | ||
1732976 | [OSSA-2017-006] Potential DoS by rebuilding the same instance with a new image multiple times (CVE-2017-17051) | OpenStack Compute (nova) pike | High | Fix Committed | ||
1732976 | [OSSA-2017-006] Potential DoS by rebuilding the same instance with a new image multiple times (CVE-2017-17051) | OpenStack Security Advisory | High | Fix Released |
See the
CVE page on Mitre.org
for more details.