CVE-2015-7713

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugs.launchpad.net/nova/+bug/1491307	Third Party Advisory
https://bugs.launchpad.net/nova/+bug/1492961	Third Party Advisory
https://security.openstack.org/ossa/OSSA-2015-021.html	Vendor Advisory
http://www.securityfocus.com/bid/76960	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2015:2673	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2684.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova::::::::

Information

Published : 2015-10-29 13:59

Updated : 2023-02-12 16:55

NVD link : CVE-2015-7713

Mitre link : CVE-2015-7713

JSON object : View

CWE

CWE-254

7PK - Security Features

Products Affected

openstack

nova

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.launchpad.net/nova/+bug/1491307", "name": "https://bugs.launchpad.net/nova/+bug/1491307", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugs.launchpad.net/nova/+bug/1492961", "name": "https://bugs.launchpad.net/nova/+bug/1492961", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.openstack.org/ossa/OSSA-2015-021.html", "name": "https://security.openstack.org/ossa/OSSA-2015-021.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/76960", "name": "76960", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://access.redhat.com/errata/RHSA-2015:2673", "name": "RHSA-2015:2673", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html", "name": "RHSA-2015:2684", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-254"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-7713", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-10-29T20:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2015.1.2", "versionStartIncluding": "2015.1.0"}, {"cpe23Uri": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2014.2.4", "versionStartIncluding": "2014.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T00:55Z"}

5.0 /10