Open Redirect Affecting nova package, versions [18.104.22.168rc1,23.0.2) [22.214.171.124rc1,22.3.0) [,21.2.3)
Proof of concept
21 Jul 2021
13 May 2021
How to fix?
Upgrade nova to version 23.0.2, 22.3.0, 21.2.3 or higher.
nova (OpenStack Nova) provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt (KVM, Xen, LXC and more), Hyper-V, VMware, XenServer, OpenStack Ironic and PowerVM.
Affected versions of this package are vulnerable to Open Redirect. The console proxies used ( spice) run in a websockify server whose request handler inherits from the Python standard SimpleHTTPRequestHandler. There is a known issue in the SimpleHTTPRequestHandler which allows open redirects by way of URLs in the following format: http://vncproxy.my.domain.com//example.com/%2F.., which if visited, will redirect a user to
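
One way to close this redirect at the handler level, shown as an added example that is not Nova's or websockify's own code. GuardedHandler, FakeSocket and respond are hypothetical names, and the request is fed through an in-memory socket so nothing listens on the network.

```python
import io
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler


class GuardedHandler(SimpleHTTPRequestHandler):
    """Hypothetical proxy handler that refuses targets starting with '//'."""

    def send_head(self):
        # Inspect the raw request line: patched Python releases already
        # collapse leading slashes in self.path before this point.
        target = self.requestline.split()[1]
        if target.startswith("//"):
            # A "Location: //host/..." header is scheme-relative to a browser.
            self.send_error(HTTPStatus.BAD_REQUEST, "URI must not start with //")
            return None
        return super().send_head()

    def log_message(self, format, *args):
        pass  # keep the demo quiet


class FakeSocket:
    """In-memory stand-in for a client connection (constructed for the demo)."""

    def __init__(self, request_bytes):
        self.rfile = io.BytesIO(request_bytes)
        self.sent = io.BytesIO()

    def makefile(self, mode, *args, **kwargs):
        return self.rfile

    def sendall(self, data):
        self.sent.write(data)


def respond(target, docroot):
    """Send one GET through GuardedHandler; return (status, Location or None)."""
    sock = FakeSocket(f"GET {target} HTTP/1.0\r\n\r\n".encode("ascii"))
    GuardedHandler(sock, ("127.0.0.1", 0), None, directory=docroot)
    head = sock.sent.getvalue().split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    location = next((line.split(": ", 1)[1] for line in lines[1:]
                     if line.lower().startswith("location:")), None)
    return int(lines[0].split()[1]), location
```

The ordinary directory redirect (a path without a trailing slash) still works; only request targets that would yield a scheme-relative Location header are rejected.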