UNKNOWN PyPI
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
GHSA-67rh-9p29-vrxr · CVE-2015-7713
Published · Modified
Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7713
- WEB https://access.redhat.com/errata/RHSA-2015:2673
- WEB https://access.redhat.com/errata/RHSA-2015:2684
- WEB https://access.redhat.com/errata/RHSA-2016:0013
- WEB https://access.redhat.com/errata/RHSA-2016:0017
- WEB https://access.redhat.com/security/cve/CVE-2015-7713
- WEB https://bugs.launchpad.net/nova/+bug/1491307
- WEB https://bugs.launchpad.net/nova/+bug/1492961
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1269119
- PACKAGE https://opendev.org/openstack/nova
- WEB https://security.openstack.org/ossa/OSSA-2015-021.html
- WEB https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
- WEB http://rhn.redhat.com/errata/RHSA-2015-2684.html
- WEB http://www.securityfocus.com/bid/76960
Ready to move
Start Securing
Free, no credit card | First findings in minutes