{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-3654", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T17:01:07.959Z", "dateReserved": "2021-07-20T00:00:00", "datePublished": "2022-03-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL."}], "affected": [{"vendor": "n/a", "product": "openstack-nova", "versions": [{"version": "Affects - Nova: <21.2.3, >=22.0.0 <22.2.3, >=23.0.0 <23.0.3 | Fixed-In 21.2.3, 22.3.0, and 23.1.0", "status": "affected"}]}], "references": [{"url": "https://security.openstack.org/ossa/OSSA-2021-002.html"}, {"url": "https://bugs.launchpad.net/nova/+bug/1927677"}, {"url": "https://www.openwall.com/lists/oss-security/2021/07/29/2"}, {"url": "https://bugs.python.org/issue32084"}, {"url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66"}, {"url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439"}, {"name": "GLSA-202305-02", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-02"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')", "cweId": "CWE-601"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:07.959Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.openstack.org/ossa/OSSA-2021-002.html", "tags": ["x_transferred"]}, {"url": "https://bugs.launchpad.net/nova/+bug/1927677", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2021/07/29/2", "tags": ["x_transferred"]}, {"url": "https://bugs.python.org/issue32084", "tags": ["x_transferred"]}, {"url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66", "tags": ["x_transferred"]}, {"url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439", "tags": ["x_transferred"]}, {"name": "GLSA-202305-02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-02"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A99696E-FCFF-4062-8366-DE5A4BAD3D0A", "versionEndExcluding": "21.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBF7F6B1-7A2D-42F6-88CC-162AB964F38D", "versionEndExcluding": "22.2.3", "versionStartIncluding": "22.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "528D1C49-1D96-4D38-B4DF-7B428ACA12CE", "versionEndExcluding": "23.0.3", "versionStartIncluding": "23.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en el proxy de consola de openstack-nova, noVNC. Mediante el dise\u00f1o de una URL maliciosa, noVNC puede ser redirigido a cualquier URL deseada"}], "id": "CVE-2021-3654", "lastModified": "2024-11-21T06:22:04.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-02T23:15:08.730", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/nova/+bug/1927677"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.python.org/issue32084"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202305-02"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2021-002.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2021/07/29/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/nova/+bug/1927677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.python.org/issue32084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2021-002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2021/07/29/2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Salman Khan (Monash University Cyber Security team), Shahaan Ayyub (Monash University Cyber Security team), and Swe Aung (Monash University Cyber Security team) as the original reporters.", "affected_release": [{"advisory": "RHSA-2022:0983", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "openstack-nova-1:20.4.1-1.20220112153422.1ee93b9.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2022-03-24T00:00:00Z"}, {"advisory": "RHSA-2022:0999", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "openstack-nova-1:20.6.2-2.20220112164912.8906554.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-03-23T00:00:00Z"}], "bugzilla": {"description": "openstack-nova: novnc allows open redirection", "id": "1961439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-601", "details": ["A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.", "A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-3654", "package_state": [{"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2021-05-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3654\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3654\nhttps://www.openwall.com/lists/oss-security/2021/07/29/2"], "threat_severity": "Moderate"}