CVE-2021-3654

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-3654

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3654.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3654

Aliases

GHSA-vqp6-j452-j6wp

Downstream

DEBIAN-CVE-2021-3654

RHSA-2022:0983

RHSA-2022:0999

UBUNTU-CVE-2021-3654

USN-5866-1

Published

2022-03-02T23:15:08.730Z

Modified

2026-04-02T07:08:37.864115Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

References

Affected packages

Git / github.com/openstack/nova

Affected ranges

Type

GIT

Repo

https://github.com/openstack/nova

Events

Introduced

Fixed

6f774f226bcf8c5468de92d3eea80962656754cd

Introduced

Last affected

806eda3da84d6f9b47c036ff138415458b837536

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "21.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1"
        }
    ]
}

Affected versions

0.*

0.9.0

12.*

12.0.0

12.0.0.0b1

12.0.0.0b2

12.0.0.0b3

12.0.0.0rc1

12.0.0.0rc2

12.0.0.0rc3

12.0.0a0

12.0.1

12.0.2

12.0.3

12.0.4

12.0.5

12.0.6

13.*

13.0.0

13.0.0.0b1

13.0.0.0b2

13.0.0.0b3

13.0.0.0rc1

13.0.0.0rc2

13.0.0.0rc3

13.1.0

13.1.1

13.1.2

13.1.3

13.1.4

14.*

14.0.0

14.0.0.0b1

14.0.0.0b2

14.0.0.0b3

14.0.0.0rc1

14.0.0.0rc2

14.0.1

14.0.10

14.0.2

14.0.3

14.0.4

14.0.5

14.0.6

14.0.7

14.0.8

14.0.9

14.1.0

15.*

15.0.0

15.0.0.0b1

15.0.0.0b2

15.0.0.0b3

15.0.0.0rc1

15.0.0.0rc2

15.0.1

15.0.2

15.0.3

15.0.4

15.0.5

15.0.6

15.0.7

15.0.8

15.1.0

15.1.1

15.1.2

15.1.3

15.1.4

15.1.5

16.*

16.0.0

16.0.0.0b1

16.0.0.0b2

16.0.0.0b3

16.0.0.0rc1

16.0.0.0rc2

16.0.1

16.0.2

16.0.3

16.0.4

16.1.0

17.*

17.0.0

17.0.0.0b1

17.0.0.0b2

17.0.0.0b3

17.0.0.0rc1

17.0.0.0rc2

17.0.0.0rc3

17.0.1

17.0.10

17.0.11

17.0.12

17.0.13

17.0.2

17.0.3

17.0.4

17.0.5

17.0.6

17.0.7

17.0.8

17.0.9

18.*

18.0.0

18.0.0.0b1

18.0.0.0b2

18.0.0.0b3

18.0.0.0rc1

18.0.0.0rc2

18.0.0.0rc3

18.0.1

18.0.2

18.0.3

18.1.0

18.2.0

18.2.1

18.2.2

18.2.3

18.3.0

19.*

19.0.0

19.0.0.0rc1

19.0.0.0rc2

19.0.1

19.0.2

19.0.3

19.1.0

19.2.0

19.3.0

19.3.1

19.3.2

20.*

20.0.0

20.0.0.0rc1

20.0.0.0rc2

20.0.1

20.1.0

20.1.1

20.2.0

20.3.0

20.4.0

20.4.1

20.5.0

20.6.0

20.6.1

2010.*

2010.1

2011.*

2011.1

2011.1rc1

2011.2

2011.2gamma1

2011.2rc1

2011.3

2011.3.1

2012.*

2012.1

2012.1.1

2012.1.2

2012.1.3

2012.2

2012.2.1

2012.2.2

2012.2.3

2012.2.4

2013.*

2013.1

2013.1.1

2013.1.2

2013.1.3

2013.1.4

2013.1.5

2013.1.g3

2013.1.rc1

2013.1.rc2

2013.2

2013.2.1

2013.2.2

2013.2.3

2013.2.4

2013.2.b1

2013.2.b2

2013.2.b3

2013.2.rc1

2013.2.rc2

2014.*

2014.1

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.b1

2014.1.b2

2014.1.b3

2014.1.rc1

2014.1.rc2

2014.2

2014.2.1

2014.2.2

2014.2.3

2014.2.4

2014.2.b1

2014.2.b2

2014.2.b3

2014.2.rc1

2014.2.rc2

2015.*

2015.1.0

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

2015.1.0rc2

2015.1.0rc3

2015.1.1

2015.1.2

2015.1.3

2015.1.4

2023.*

2023.1-eom

2023.2-eol

2024.*

2024.1-eom

21.*

21.0.0

21.0.0.0rc1

21.0.0.0rc2

21.1.0

21.1.1

21.1.2

21.2.0

21.2.1

21.2.2

22.*

22.0.0

22.0.0.0rc1

22.0.1

22.1.0

22.2.0

22.2.1

22.2.2

22.3.0

22.4.0

23.*

23.0.0

23.0.0.0rc1

23.0.0.0rc2

23.0.1

23.0.2

23.1.0

23.2.0

23.2.1

23.2.2

24.*

24.0.0

24.0.0.0rc1

24.0.0.0rc2

24.1.0

24.1.1

24.2.0

24.2.1

25.*

25.0.0

25.0.0.0rc1

25.0.1

25.1.0

25.1.1

25.2.0

25.2.1

25.3.0

26.*

26.0.0

26.0.0.0rc1

26.0.0.0rc2

26.1.0

26.1.1

26.2.0

26.2.1

26.2.2

26.3.0

27.*

27.0.0

27.0.0.0rc1

27.1.0

27.2.0

27.3.0

27.4.0

27.5.0

27.5.1

28.*

28.0.0

28.0.0.0rc1

28.0.1

28.1.0

28.2.0

28.3.0

28.3.1

29.*

29.0.0

29.0.0.0rc1

29.0.1

29.0.2

29.1.0

29.2.0

29.2.1

29.2.2

29.3.0

29.4.0

30.*

30.0.0

30.0.0.0rc1

30.1.0

30.2.0

30.2.1

31.*

31.0.0

31.0.0.0rc1

31.0.1

31.1.0

31.2.0

32.*

32.0.0

32.0.0.0rc1

32.1.0

33.*

33.0.0

33.0.0.0rc1

Other

diablo-1

diablo-2

diablo-3

diablo-4

diablo-eol

essex-1

essex-2

essex-3

essex-4

essex-eol

essex-rc1

essex-rc2

essex-rc3

essex-rc4

folsom-1

folsom-2

folsom-3

folsom-eol

folsom-rc1

folsom-rc2

folsom-rc3

grizzly-1

grizzly-2

grizzly-eol

havana-eol

icehouse-eol

juno-eol

kilo-eol

liberty-eol

mitaka-eol

newton-eol

ocata-em

ocata-eol

queens-em

queens-eol

rocky-em

rocky-eol

stein-em

stein-eol

train-em

train-eol

victoria-em

victoria-eol

victoria-eom

wallaby-em

wallaby-eol

wallaby-eom

xena-em

xena-eol

xena-eom

yoga-eom

zed-eom

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3654.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "22.0.0"
            },
            {
                "fixed": "22.2.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "23.0.0"
            },
            {
                "fixed": "23.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.2"
            }
        ]
    }
]