CVE-2015-3280

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-3280
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2015-1898.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html Third Party Advisory
http://www.securityfocus.com/bid/76553 Third Party Advisory VDB Entry
https://launchpad.net/bugs/1392527 Third Party Advisory
https://security.openstack.org/ossa/OSSA-2015-017.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
History

13 Feb 2023, 00:49

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2015-3280', 'name': 'https://access.redhat.com/security/cve/CVE-2015-3280', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:1898', 'name': 'https://access.redhat.com/errata/RHSA-2015:1898', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1257942', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1257942', 'tags': [], 'refsource': 'MISC'}
Summary A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service. OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

02 Feb 2023, 16:16

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-3280 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:1898 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1257942 -
Summary OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.
Information

Published : 2015-10-26 17:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-3280

Mitre link : CVE-2015-3280

CVE.ORG link : CVE-2015-3280

JSON object : View

Products Affected

openstack

  • nova
CWE
CWE-399

Resource Management Errors