openstack-nova is vulnerable to an authorization bypass. When rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
www.securityfocus.com/bid/101950
access.redhat.com/errata/RHSA-2018:0241
access.redhat.com/errata/RHSA-2018:0314
access.redhat.com/errata/RHSA-2018:0369
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1511153
bugzilla.redhat.com/show_bug.cgi?id=1527643
bugzilla.redhat.com/show_bug.cgi?id=1528453
bugzilla.redhat.com/show_bug.cgi?id=1530365
bugzilla.redhat.com/show_bug.cgi?id=1533164
bugzilla.redhat.com/show_bug.cgi?id=1537045
launchpad.net/bugs/1664931
security.openstack.org/ossa/OSSA-2017-005.html
www.debian.org/security/2017/dsa-4056