OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-1898.html | Third Party Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | Third Party Advisory |
http://www.securityfocus.com/bid/76553 | Third Party Advisory VDB Entry |
https://launchpad.net/bugs/1392527 | Third Party Advisory |
https://security.openstack.org/ossa/OSSA-2015-017.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:49
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. |
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service. |
Information
Published : 2015-10-26 17:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3280
Mitre link : CVE-2015-3280
CVE.ORG link : CVE-2015-3280
JSON object : View
Products Affected
openstack
- nova
CWE
CWE-399
Resource Management Errors