CVE-2021-3654

Summary

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Affected Software

VendorProductVersion RangeStatus
n/aopenstack-nova`Affects - Nova: <21.2.3, >=22.0.0 <22.2.3, >=23.0.0 <23.0.3Fixed-In 21.2.3, 22.3.0, and 23.1.0`

Weaknesses

  • CWE-601: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References