{"id":"CVE-2017-16239","details":"In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.","aliases":["GHSA-w2wf-cgwh-vpqg"],"modified":"2026-07-01T11:53:15.038264055Z","published":"2017-11-14T17:29:00.290Z","related":["SUSE-SU-2017:3080-1"],"database_specific":{},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101950"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0241"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0314"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0369"},{"type":"ADVISORY","url":"https://security.openstack.org/ossa/OSSA-2017-005.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4056"},{"type":"REPORT","url":"https://launchpad.net/bugs/1664931"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/nova","events":[{"introduced":"0"},{"last_affected":"ca03fe87371d8c13fc2895f8ff3e7e1ca88cfe79"},{"last_affected":"ff369899749ac3e21ed0174b40e948c78c2dc1fa"},{"last_affected":"7ccf8d2e358623b3536c9f3e2850a75414969134"},{"last_affected":"acb19160d4d348e29a21ad57c61c7369352c4d1c"},{"last_affected":"6d4f9f4f6cfd3e256c68addfed0c3a033b3bf957"},{"last_affected":"506465a027dd1ba1c90949dc58297edae32da7e4"},{"last_affected":"8b2f7d38ccdbbc6533930b8d4eeff4e2ff79176c"},{"last_affected":"fe329029265e10296a550fc9153b7977da4aefe2"},{"last_affected":"6c67eee6f4a40c5e84beb2950c45e9fe5dcf9fd1"},{"last_affected":"8b162ba21f06272f915070473640d493dd70beec"},{"last_affected":"edd59ae12d11db770cf7e1b0c306be34aacd3d2b"},{"last_affected":"cb3abbdb768013e4d7182a91c8a2b26c6d725f35"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"14.0.9"},{"last_affected":"15.0.0"},{"last_affected":"15.0.1"},{"last_affected":"15.0.2"},{"last_affected":"15.0.3"},{"last_affected":"15.0.4"},{"last_affected":"15.0.5"},{"last_affected":"15.0.6"},{"last_affected":"15.0.7"},{"last_affected":"16.0.0"},{"last_affected":"16.0.1"},{"last_affected":"16.0.2"}],"cpe":["cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*","cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*"],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["14.0.9","16.0.2","14.0.8","16.0.1","16.0.0.0rc2","16.0.0","15.0.7","16.0.0.0rc1","16.0.0.0b3","15.0.6","16.0.0.0b2","14.0.7","15.0.5","14.0.6","15.0.1","15.0.4","16.0.0.0b1","15.0.2","15.0.3","14.0.5","14.0.4","15.0.0.0rc2","15.0.0","15.0.0.0rc1","15.0.0.0b3","14.0.3","15.0.0.0b2","15.0.0.0b1","14.0.2","14.0.1","14.0.0.0rc2","14.0.0","14.0.0.0rc1","14.0.0.0b3","14.0.0.0b2","14.0.0.0b1","13.0.0.0rc1","13.0.0.0b3","13.0.0.0b2","13.0.0.0b1","12.0.0.0rc1","12.0.0.0b3","12.0.0.0b2","12.0.0.0b1","12.0.0a0","2015.1.0rc1","2015.1.0b3","2015.1.0b2","2015.1.0b1","2014.2.rc1","2014.2.b3","2014.2.b2","2014.2.b1","2014.1.rc1","2014.1.b3","2014.1.b2","2014.1.b1","2013.2.rc1","2013.2.b3","2013.1.rc1","folsom-2","folsom-1","essex-1","diablo-1","2011.2","2011.2rc1","2011.2gamma1","2011.1rc1","2011.1","2010.1","0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16239.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}