CVE-2015-7713
Last modified
CVE-2015-7713 is a vulnerability of currently unknown severity. OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.. EPSS estimates a 3.67% chance of exploitation in the next 30 days.
Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Nova | >= 2014.2, < 2014.2.4 |
| Openstack | Nova | >= 2015.1.0, < 2015.1.2 |
References
- http://rhn.redhat.com/errata/RHSA-2015-2684.htmlThird Party Advisory
- http://www.securityfocus.com/bid/76960Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2015:2673Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1491307Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1492961Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-021.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-2684.htmlThird Party Advisory
- http://www.securityfocus.com/bid/76960Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2015:2673Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1491307Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1492961Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-021.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-7713?
How severe is CVE-2015-7713?
How do I fix CVE-2015-7713?
Are you affected by CVE-2015-7713?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST