Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3654

EPSS 88.37% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3654

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenStack 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。 Openstack Nova存在输入验证错误漏洞,该漏洞允许远程攻击者可利用该漏洞将受害者重定向到任意URL。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-openstack-nova Affects - Nova: <21.2.3, >=22.0.0 <22.2.3, >=23.0.0 <23.0.3 | Fixed-In 21.2.3, 22.3.0, and 23.1.0 -

II. Public POCs for CVE-2021-3654

#POC DescriptionSource LinkShenlong Link
1Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-3654.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-3654

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-03-02 · 61 CVEs total

CVE-2022-23953HP PC 输入验证错误漏洞
CVE-2021-3738Samba 资源管理错误漏洞
CVE-2021-3631Red Hat libvirt 安全漏洞
CVE-2021-23222PostgreSQL 安全漏洞
CVE-2021-23192Samba输入验证错误漏洞
CVE-2021-3667Red Hat libvirt 安全漏洞
CVE-2021-38268Liferay Portal 安全漏洞
CVE-2022-22944Vmware Workspace One Boxer 跨站脚本漏洞
CVE-2022-25045Home Owners Collection Management System 信任管理问题漏洞
CVE-2022-23956HP PC 输入验证错误漏洞
CVE-2022-23878SeaCMS 安全漏洞
CVE-2022-23954HP PC 输入验证错误漏洞
CVE-2022-23955HP PC 输入验证错误漏洞
CVE-2022-23958HP PC 输入验证错误漏洞
CVE-2022-23957HP PC 输入验证错误漏洞
CVE-2021-41001Aruba AOS-CX 命令注入漏洞
CVE-2021-41000Aruba AOS-CX 命令注入漏洞
CVE-2021-41002Aruba AOS-CX 路径遍历漏洞
CVE-2021-41003Aruba AOS-CX 跨站脚本漏洞
CVE-2022-0711Haproxy HAProxy 安全漏洞

Showing top 20 of 61 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: openstack-nova
Same vendor: n/a
Same weakness: CWE-601

V. Comments for CVE-2021-3654

No comments yet

Leave a comment