CVE-2015-7713
First published: Tue Oct 06 2015(Updated: )
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Nova | >=2014.2<2014.2.4 | |
| OpenStack Nova | >=2015.1.0<2015.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2015-2684.html
- http://www.securityfocus.com/bid/76960
- https://access.redhat.com/errata/RHSA-2015:2673
- https://bugs.launchpad.net/nova/+bug/1491307
- https://bugs.launchpad.net/nova/+bug/1492961
- https://security.openstack.org/ossa/OSSA-2015-021.html
- https://launchpad.net/bugs/1491307
- https://launchpad.net/bugs/1484738
- http://seclists.org/oss-sec/2015/q4/41
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1269122
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1269123
- https://review.openstack.org/222026
- https://review.openstack.org/222023
- https://review.openstack.org/222022
- https://rhn.redhat.com/errata/RHSA-2015-2684.html
- https://rhn.redhat.com/errata/RHSA-2016-0013.html
- https://rhn.redhat.com/errata/RHSA-2016-0017.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1269119
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-7713
- agent/references
- agent/tags
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/openstack
- canonical/openstack nova
- version/openstack nova/2014.2
- version/openstack nova/2015.1.0