CVE-2017-16239

CVE Database · CVE-2017-16239

CVE-2017-16239

· N/AModified

CVSS v3.1

N/A

EPSS

1.41%

Published

Nov 14, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.

Affected Products (12)

openstack · novavulnerable

References (14)

http://www.securityfocus.com/bid/101950

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:0241

https://access.redhat.com/errata/RHSA-2018:0314

https://access.redhat.com/errata/RHSA-2018:0369

https://launchpad.net/bugs/1664931

Issue Tracking

https://security.openstack.org/ossa/OSSA-2017-005.html

Vendor Advisory

https://www.debian.org/security/2017/dsa-4056

http://www.securityfocus.com/bid/101950

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs