CVE-2021-3654 Scanner
Detects the 'Open Redirect' vulnerability in openstack-nova, which affects versions <21.2.3, >=22.0.0 <22.2.3, and >=23.0.0 <23.0.3.
Short Info
Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url
Parent Category
CVE-2021-3654 Scanner Detail
Openstack-nova is an open-source software platform that is used for building private and public clouds. It offers a cloud computing infrastructure that creates virtual machines and networks and manages the resources needed to run them. It is designed to manage and automate the deployment of large-scale cloud infrastructures in data centers and public cloud deployments. Using openstack-nova saves organizations the cost of deploying and managing their own private cloud platforms.
Recently, a critical vulnerability was found in openstack-nova's console proxy, noVNC—CVE-2021-3654. This vulnerability could allow an attacker to redirect noVNC to any desired URL by crafting a malicious URL. As a result, it may lead to remote code execution vulnerabilities that could compromise an organization's IT infrastructure.
This vulnerability, when exploited, can cause severe damage to organizations’ digital assets. For example, attackers can modify or delete data, steal sensitive information, and even gain administrative access to the cloud environment. The severity of this exploit means that organizations must take immediate action to prevent these attacks from happening.
In conclusion, protecting an organization's digital assets is a critical process that requires constant attention and vigilance. By leveraging the pro features of the securityforeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. Organizations can proactively identify and mitigate security risks, ensuring that they have a secure and robust IT infrastructure. With an emphasis on security, organizations can prevent these vulnerabilities and stay ahead of the game.
REFERENCES
- https://security.openstack.org/ossa/OSSA-2021-002.html
- https://bugs.launchpad.net/nova/+bug/1927677
- https://www.openwall.com/lists/oss-security/2021/07/29/2
- https://bugs.python.org/issue32084
- https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
- https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb
- https://bugzilla.redhat.com/show_bug.cgi?id=1961439
- security.gentoo.org: GLSA-202305-02