CVE-2015-7713 - OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly

CVE-2015-7713

Summary

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

References

Vulnerable Configurations

cpe:2.3:a:openstack:nova:2015.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 13-02-2023 - 00:55)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

redhat via4

advisories

rhsa
id RHSA-2015:2673
rhsa
id RHSA-2015:2684

rpms

openstack-nova-0:2015.1.2-7.el7ost
openstack-nova-api-0:2015.1.2-7.el7ost
openstack-nova-cells-0:2015.1.2-7.el7ost
openstack-nova-cert-0:2015.1.2-7.el7ost
openstack-nova-common-0:2015.1.2-7.el7ost
openstack-nova-compute-0:2015.1.2-7.el7ost
openstack-nova-conductor-0:2015.1.2-7.el7ost
openstack-nova-console-0:2015.1.2-7.el7ost
openstack-nova-doc-0:2015.1.2-7.el7ost
openstack-nova-network-0:2015.1.2-7.el7ost
openstack-nova-novncproxy-0:2015.1.2-7.el7ost
openstack-nova-objectstore-0:2015.1.2-7.el7ost
openstack-nova-scheduler-0:2015.1.2-7.el7ost
openstack-nova-serialproxy-0:2015.1.2-7.el7ost
openstack-nova-spicehtml5proxy-0:2015.1.2-7.el7ost
python-nova-0:2015.1.2-7.el7ost
python-novaclient-1:2.23.0-2.el7ost
python-novaclient-doc-1:2.23.0-2.el7ost
openstack-nova-0:2014.1.5-9.el7ost
openstack-nova-api-0:2014.1.5-9.el7ost
openstack-nova-cells-0:2014.1.5-9.el7ost
openstack-nova-cert-0:2014.1.5-9.el7ost
openstack-nova-common-0:2014.1.5-9.el7ost
openstack-nova-compute-0:2014.1.5-9.el7ost
openstack-nova-conductor-0:2014.1.5-9.el7ost
openstack-nova-console-0:2014.1.5-9.el7ost
openstack-nova-doc-0:2014.1.5-9.el7ost
openstack-nova-network-0:2014.1.5-9.el7ost
openstack-nova-novncproxy-0:2014.1.5-9.el7ost
openstack-nova-objectstore-0:2014.1.5-9.el7ost
openstack-nova-scheduler-0:2014.1.5-9.el7ost
openstack-nova-serialproxy-0:2014.1.5-9.el7ost
python-nova-0:2014.1.5-9.el7ost
openstack-nova-0:2014.2.3-42.el7ost
openstack-nova-api-0:2014.2.3-42.el7ost
openstack-nova-cells-0:2014.2.3-42.el7ost
openstack-nova-cert-0:2014.2.3-42.el7ost
openstack-nova-common-0:2014.2.3-42.el7ost
openstack-nova-compute-0:2014.2.3-42.el7ost
openstack-nova-conductor-0:2014.2.3-42.el7ost
openstack-nova-console-0:2014.2.3-42.el7ost
openstack-nova-doc-0:2014.2.3-42.el7ost
openstack-nova-network-0:2014.2.3-42.el7ost
openstack-nova-novncproxy-0:2014.2.3-42.el7ost
openstack-nova-objectstore-0:2014.2.3-42.el7ost
openstack-nova-scheduler-0:2014.2.3-42.el7ost
openstack-nova-serialproxy-0:2014.2.3-42.el7ost
python-nova-0:2014.2.3-42.el7ost
openstack-nova-0:2014.1.5-16.el6ost
openstack-nova-api-0:2014.1.5-16.el6ost
openstack-nova-cells-0:2014.1.5-16.el6ost
openstack-nova-cert-0:2014.1.5-16.el6ost
openstack-nova-common-0:2014.1.5-16.el6ost
openstack-nova-compute-0:2014.1.5-16.el6ost
openstack-nova-conductor-0:2014.1.5-16.el6ost
openstack-nova-console-0:2014.1.5-16.el6ost
openstack-nova-doc-0:2014.1.5-16.el6ost
openstack-nova-network-0:2014.1.5-16.el6ost
openstack-nova-novncproxy-0:2014.1.5-16.el6ost
openstack-nova-objectstore-0:2014.1.5-16.el6ost
openstack-nova-scheduler-0:2014.1.5-16.el6ost
openstack-nova-serialproxy-0:2014.1.5-16.el6ost
python-nova-0:2014.1.5-16.el6ost

refmap via4

bid	76960
confirm	https://bugs.launchpad.net/nova/+bug/1491307 https://bugs.launchpad.net/nova/+bug/1492961 https://security.openstack.org/ossa/OSSA-2015-021.html

Last major update

13-02-2023 - 00:55

Published

29-10-2015 - 20:59

Last modified

13-02-2023 - 00:55