SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2021-3654

Date: (C)2022-03-04 (M)2023-12-22

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.1		CVSS Score : 4.0
Exploit Score: 2.8		Exploit Score: 4.9
Impact Score: 2.7		Impact Score: 4.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: HIGH
Privileges Required: NONE		Authentication: NONE
User Interaction: REQUIRED		Confidentiality: PARTIAL
Scope: CHANGED		Integrity: PARTIAL
Confidentiality: LOW		Availability: NONE
Integrity: LOW
Availability: NONE

Reference:

https://bugs.launchpad.net/nova/+bug/1927677

https://bugs.python.org/issue32084

https://bugzilla.redhat.com/show_bug.cgi?id=1961439

https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66

https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb

https://security.openstack.org/ossa/OSSA-2021-002.html

https://www.openwall.com/lists/oss-security/2021/07/29/2

oval:org.secpod.oval:def:89399
oval:org.secpod.oval:def:87728

© SecPod Technologies