CVE-2015-7713

high

Description

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

References

https://security.openstack.org/ossa/OSSA-2015-021.html

https://bugs.launchpad.net/nova/+bug/1492961

https://bugs.launchpad.net/nova/+bug/1491307

https://access.redhat.com/errata/RHSA-2015:2673

http://www.securityfocus.com/bid/76960

http://rhn.redhat.com/errata/RHSA-2015-2684.html

Details

Source: Mitre, NVD

Published: 2015-10-29

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High