CVE-2021-3654 Scanner
CVE-2021-3654 scanner - Open Redirect vulnerability in openstack-nova
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
URL
Toolbox
-
Openstack-nova is an open-source software platform that is used for building private and public clouds. The software platform offers a cloud computing infrastructure that creates virtual machines, networks, and manages the resources needed to run them. It is designed to manage and automate the deployment of large-scale cloud infrastructures on data centers and public cloud deployments. Using openstack-nova saves organizations the cost of deploying and managing their own private cloud platforms.
Recently, a critical vulnerability was found in openstack-nova's console proxy, noVNC—CVE-2021-3654. This vulnerability could allow an attacker to redirect noVNC to any desired URL by crafting a malicious URL. As a result, it may lead to remote code execution vulnerabilities that could compromise an organization's IT infrastructure.
This vulnerability, when exploited, can cause severe damage to organizations’ digital assets. For example, attackers can modify or delete data, steal sensitive information, and even gain administrative access to the cloud environment. The severity of this exploit means that organizations must take immediate action to prevent these attacks from happening.
In conclusion, protecting an organization's digital assets is a critical process that requires constant attention and vigilance. By leveraging the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. Organizations can proactively identify and mitigate security risks, ensuring that they have a secure and robust IT infrastructure. With an emphasis on security, organizations can prevent these vulnerabilities and stay ahead of the game.
REFERENCES
- https://security.openstack.org/ossa/OSSA-2021-002.html
- https://bugs.launchpad.net/nova/+bug/1927677
- https://www.openwall.com/lists/oss-security/2021/07/29/2
- https://bugs.python.org/issue32084
- https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
- https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb
- https://bugzilla.redhat.com/show_bug.cgi?id=1961439
- security.gentoo.org: GLSA-202305-02
