id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium description: Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. remediation: | Apply the latest security patches or updates provided by the vendor to fix the open redirect vulnerability in the Nova noVNC application. reference: - https://seclists.org/oss-sec/2021/q3/188 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654 - https://bugs.python.org/issue32084 - https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66 - https://nvd.nist.gov/vuln/detail/CVE-2021-3654 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-3654 cwe-id: CWE-601 epss-score: 0.92596 epss-percentile: 0.98695 cpe: cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: openstack product: nova tags: redirect,novnc,cve,cve2021,seclists http: - method: GET path: - '{{BaseURL}}//interact.sh/%2f..' matchers-condition: and matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - type: status status: - 302 - 301 # digest: 4a0a00473045022100eb7687c63dbc6bb037fd7f42d0a8edc80afc03800561ad3b69147c96de09b930022069f008e73c86e87545fbddd52b8a272b8132f58fc247474f511ecf62053bc176:922c64590222798bb761d5b6d8e72950