CVE-2015-2687
UnknownEPSS 0.33%
Last modified
CVE-2015-2687 is a vulnerability of currently unknown severity. OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Compute | 2013.2 |
| Openstack | Compute | 2013.2.1 |
| Openstack | Compute | 2013.2.2 |
| Openstack | Compute | 2013.2.3 |
| Openstack | Compute | 2013.2.4 |
| Openstack | Compute | 2014.1 |
| Openstack | Compute | 2014.1.1 |
| Openstack | Compute | 2014.1.2 |
| Openstack | Compute | 2014.1.3 |
| Openstack | Compute | 2014.1.4 |
| Openstack | Compute | 2014.1.5 |
| Openstack | Compute | 2014.2 |
| Openstack | Compute | 2014.2.1 |
| Openstack | Compute | 2014.2.2 |
| Openstack | Compute | 2014.2.3 |
| Openstack | Compute | 2014.2.4 |
References
- http://www.openwall.com/lists/oss-security/2015/03/24/10Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/25/3Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/77505Third Party Advisory, VDB Entry
- https://bugs.launchpad.net/nova/+bug/1419577Issue Tracking, Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1205313Issue Tracking, Third Party Advisory, VDB Entry
- https://review.openstack.org/#/c/338929/Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/24/10Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/25/3Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/77505Third Party Advisory, VDB Entry
- https://bugs.launchpad.net/nova/+bug/1419577Issue Tracking, Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1205313Issue Tracking, Third Party Advisory, VDB Entry
- https://review.openstack.org/#/c/338929/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2687?
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
How severe is CVE-2015-2687?
Severity scoring for CVE-2015-2687 is pending analysis. The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.
How do I fix CVE-2015-2687?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2015-2687?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST