1961439 – (CVE-2021-3654) CVE-2021-3654 openstack-nova: novnc allows open redirection

Bug 1961439 (CVE-2021-3654) - CVE-2021-3654 openstack-nova: novnc allows open redirection

Summary: CVE-2021-3654 openstack-nova: novnc allows open redirection

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-3654
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1961446 1961346 1961351 1961445
Blocks:	1960387 1983989
TreeView+	depends on / blocked

Reported:	2021-05-17 23:54 UTC by Summer Long
Modified:	2022-03-24 13:44 UTC (History)
CC List:	16 users (show)
Fixed In Version:	nova 21.2.3, nova 22.3.0, nova 23.1.0
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Clone Of:
Environment:
Last Closed:	2022-03-24 13:44:59 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:0983	0	None	None	None	2022-03-24 11:03:45 UTC
Red Hat Product Errata	RHSA-2022:0999	0	None	None	None	2022-03-23 22:26:45 UTC

Description Summer Long 2021-05-17 23:54:48 UTC

novnc allows open redirection, which could allow phishing attempts.
Risk: By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts could have a more trustworthy appearance.

https://bugs.launchpad.net/nova/+bug/1927677

Comment 4 Summer Long 2021-05-18 00:15:45 UTC

Created openstack-nova tracking bugs for this issue:

Affects: openstack-rdo [bug 1961446]

Comment 10 Summer Long 2021-11-01 22:38:05 UTC

Initial OSSA now out of date: https://security.openstack.org/ossa/OSSA-2021-002.html
Upstream fixes have been released: 21.2.3, 22.3.0, and 23.1.0
together with two additional stable-train commits: 
* https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
* https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb

Comment 11 Nick Tait 2022-03-09 21:23:39 UTC

Additional references:
https://bugs.python.org/issue43223
https://github.com/python/cpython/pull/24848

Comment 12 errata-xmlrpc 2022-03-23 22:26:42 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2022:0999 https://access.redhat.com/errata/RHSA-2022:0999

Comment 13 errata-xmlrpc 2022-03-24 11:03:42 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2022:0983 https://access.redhat.com/errata/RHSA-2022:0983

Comment 14 Product Security DevOps Team 2022-03-24 13:44:57 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3654

Note You need to log in before you can comment on or make changes to this bug.