VIR Vulnerability Intelligence Relay

CVE-2017-16239

medium
Published 2017-11-14 · Modified 2024-05-19
CVSS v3
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v2
4.0
VIR risk
6.5

Description

OpenStack Nova Filter Scheduler Bypass

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-16239

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-16239.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://security.openstack.org/ossa/OSSA-2017-005.html

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed2:16.0.3-1
debian debianbullseyefixed2:16.0.3-1
debian debianforkyfixed2:16.0.3-1
debian debiansidfixed2:16.0.3-1
debian debiantrixiefixed2:16.0.3-1

Package impact
EcosystemPackageVulnerableFixed
python PyPInova>=16.0.0,<16.0.316.0.3
python PyPInova>=15.0.0,<15.0.815.0.8
python PyPInova>=14.0.0,<14.0.1014.0.10

Application impact
VendorProductVersionsFixed
openstacknova{"endIncluding":"14.0.9"}
openstacknova15.0.0
openstacknova15.0.1
openstacknova15.0.2
openstacknova15.0.3
openstacknova15.0.4
openstacknova15.0.5
openstacknova15.0.6
openstacknova15.0.7
openstacknova16.0.0
openstacknova16.0.1
openstacknova16.0.2

References

Verify integrity in audit chain (admin only). AS-IS.