CVE-2016-7498 - OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows

CVE-2016-7498

Summary

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.

References

Vulnerable Configurations

cpe:2.3:a:openstack:compute_\(nova\):13.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:compute_\(nova\):13.0.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 12-02-2023 - 23:25)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:C

refmap via4

bid	93068
confirm	https://security.openstack.org/ossa/OSSA-2016-011.html
mlist	[oss-security] 20160921 Re: CVE request for vulnerability in OpenStack Nova [oss-security] 20160923 [OSSA 2016-011] Nova may fail to delete images in resize state regression (CVE-2016-7498)

Last major update

12-02-2023 - 23:25

Published

27-09-2016 - 15:59

Last modified

12-02-2023 - 23:25