CVE 2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Related bugs and status

CVE-2021-3654 (Candidate) is related to these bugs:

Bug #1927677: [OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)

		In	Importance	Status
1927677	[OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)	OpenStack Compute (nova)	Undecided	Fix Released
1927677	[OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)	OpenStack Security Advisory	Undecided	Fix Released
1927677	[OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)	OpenStack Compute (nova) train	Undecided	Fix Released
1927677	[OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)	OpenStack Compute (nova) ussuri	Undecided	Fix Released
1927677	[OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)	OpenStack Compute (nova) wallaby	Undecided	Fix Released
1927677	[OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)	OpenStack Compute (nova) victoria	Undecided	Fix Released
1927677	[OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)	OpenStack Compute (nova) stein	Undecided	In Progress

See the

CVE page on Mitre.org for more details.