Vulnerability Description
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Nova | >= 2014.2, < 2014.2.4 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-1898.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.securityfocus.com/bid/76553Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1392527Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-017.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1898.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.securityfocus.com/bid/76553Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1392527Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-017.htmlVendor Advisory
FAQ
What is CVE-2015-3280?
CVE-2015-3280 is a vulnerability with a CVSS score of 6.8 (MEDIUM). OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of ...
How severe is CVE-2015-3280?
CVE-2015-3280 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3280?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.