OpenStack Compute (Nova) Improper Access Control

GHSA-97fv-22hc-mrgj · CVE-2015-2687 · PYSEC-2017-145

Published May 17, 2022 · Modified Nov 26, 2024

Description

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-2687
WEB https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
WEB https://bugs.launchpad.net/nova/+bug/1419577
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1205313
PACKAGE https://github.com/openstack/nova
WEB https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml
WEB https://review.openstack.org/#/c/338929
WEB http://www.openwall.com/lists/oss-security/2015/03/24/10
WEB http://www.openwall.com/lists/oss-security/2015/03/25/3

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes