Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2020-17376
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-26 Aug, 2020 | 19:15
Updated At-14 Sep, 2020 | 19:00

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
OpenStack
openstack
>>nova>>Versions before 19.3.1(exclusive)
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
OpenStack
openstack
>>nova>>Versions from 20.0.0(inclusive) to 20.3.1(exclusive)
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
OpenStack
openstack
>>nova>>21.0.0
cpe:2.3:a:openstack:nova:21.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-611Primarynvd@nist.gov
CWE ID: CWE-611
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2020/08/25/4cve@mitre.org
Mailing List
Patch
Third Party Advisory
https://launchpad.net/bugs/1890501cve@mitre.org
Exploit
Third Party Advisory
https://security.openstack.org/ossa/OSSA-2020-006.htmlcve@mitre.org
Patch
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2020/08/25/4
Source: cve@mitre.org
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: https://launchpad.net/bugs/1890501
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://security.openstack.org/ossa/OSSA-2020-006.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Change History
0Changes found
Details not found