Workflow

PyPi: Nova

CVE-2015-7713

Safety vulnerability ID: 35650

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 29, 2015 Updated at Dec 05, 2024
Scan your Python projects for vulnerabilities →

Advisory

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Affected package

nova

Latest version: 30.0.0

Cloud computing fabric controller

Affected versions

Fixed versions

Vulnerability changelog

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.


CONFIRM:https://bugs.launchpad.net/nova/+bug/1491307: https://bugs.launchpad.net/nova/+bug/1491307
CONFIRM:https://bugs.launchpad.net/nova/+bug/1492961: https://bugs.launchpad.net/nova/+bug/1492961
CONFIRM:https://security.openstack.org/ossa/OSSA-2015-021.html: https://security.openstack.org/ossa/OSSA-2015-021.html
REDHAT:RHSA-2015:2673: https://access.redhat.com/errata/RHSA-2015:2673
REDHAT:RHSA-2015:2684: http://rhn.redhat.com/errata/RHSA-2015-2684.html
BID:76960: http://www.securityfocus.com/bid/76960

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.0

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
PARTIAL
Availability Impact (A)
NONE