Bug 1188573 - (CVE-2021-3654) VUL-0: CVE-2021-3654: openstack-nova: novnc allows open redirection
(CVE-2021-3654)
VUL-0: CVE-2021-3654: openstack-nova: novnc allows open redirection
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/304614/
CVSSv3.1:SUSE:CVE-2021-3654:5.7:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-07-21 13:56 UTC by Alexander Bergmann
Modified: 2022-10-05 07:42 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2021-07-21 13:56:36 UTC
rh#1961439

novnc allows open redirection, which could allow phishing attempts.
Risk: By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts could have a more trustworthy appearance.

https://bugs.launchpad.net/nova/+bug/1927677

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1961439
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3654