Vulnerability Description
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
CVSS Score
4.7
MEDIUM
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Compute | 2013.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/03/24/10Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/25/3Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/77505Third Party AdvisoryVDB Entry
- https://bugs.launchpad.net/nova/+bug/1419577Issue TrackingThird Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1205313Issue TrackingThird Party AdvisoryVDB Entry
- https://review.openstack.org/#/c/338929/Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/24/10Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/25/3Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/77505Third Party AdvisoryVDB Entry
- https://bugs.launchpad.net/nova/+bug/1419577Issue TrackingThird Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1205313Issue TrackingThird Party AdvisoryVDB Entry
- https://review.openstack.org/#/c/338929/Third Party Advisory
FAQ
What is CVE-2015-2687?
CVE-2015-2687 is a vulnerability with a CVSS score of 4.7 (MEDIUM). OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
How severe is CVE-2015-2687?
CVE-2015-2687 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2687?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Compute.