VDB
CVE-2017-16239
CVE-2017-16239
PUBLISHED
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
EPSS 0.38% · 60.1th percentile
Risk Scores
EPSS Score
0.38%
60.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | nova | 0, 2:12.0.0-0ubuntu2, 2:13.0.0~b1-0ubuntu1 |
Exploit Intelligence
- 101950 (circl)
- RHSA-2018:0369 (circl)
- RHSA-2018:0241 (circl)
- DSA-4056 (circl)
- https://launchpad.net/bugs/1664931 (circl)
- https://security.openstack.org/ossa/OSSA-2017-005.html (circl)
- RHSA-2018:0314 (circl)
Timeline
- Nov 14, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-16239 third-party-advisory
- https://security.openstack.org/ossa/OSSA-2017-005.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-16239 third-party-advisory