CVE-2015-7713

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-7713
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2015-2684.html Third Party Advisory
http://www.securityfocus.com/bid/76960 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2015:2673 Third Party Advisory
https://bugs.launchpad.net/nova/+bug/1491307 Third Party Advisory
https://bugs.launchpad.net/nova/+bug/1492961 Third Party Advisory
https://security.openstack.org/ossa/OSSA-2015-021.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
History

13 Feb 2023, 00:55

Type Values Removed Values Added
Summary A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances. OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2015-7713', 'name': 'https://access.redhat.com/security/cve/CVE-2015-7713', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2016:0013', 'name': 'https://access.redhat.com/errata/RHSA-2016:0013', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2016:0017', 'name': 'https://access.redhat.com/errata/RHSA-2016:0017', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:2684', 'name': 'https://access.redhat.com/errata/RHSA-2015:2684', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1269119', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1269119', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 21:16

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-7713 -
  • (MISC) https://access.redhat.com/errata/RHSA-2016:0013 -
  • (MISC) https://access.redhat.com/errata/RHSA-2016:0017 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2684 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1269119 -
Summary OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
Information

Published : 2015-10-29 20:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-7713

Mitre link : CVE-2015-7713

CVE.ORG link : CVE-2015-7713

JSON object : View

Products Affected

openstack

  • nova
CWE
CWE-254

7PK - Security Features