Fix OpenStack Neutron allowing a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the noVNC component. By modifying untrusted URL input using multiple backslashes, an attacker could exploit this vulnerability to redirect a victim to arbitrary websites
CVEID:CVE-2021-40797
**DESCRIPTION:**OpenStack Neutron is vulnerable to a denial of service, caused by a memory leak in the routes middleware. By making API requests involving nonexistent controllers, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208929 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
PowerVC |
1.4.4.2
2.0.0.0
2.0.1
None