Vulnerability Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Nova | >= 2014.2, < 2014.2.4 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-2684.htmlThird Party Advisory
- http://www.securityfocus.com/bid/76960Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2015:2673Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1491307Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1492961Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-021.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-2684.htmlThird Party Advisory
- http://www.securityfocus.com/bid/76960Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2015:2673Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1491307Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/1492961Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-021.htmlVendor Advisory
FAQ
What is CVE-2015-7713?
CVE-2015-7713 is a vulnerability with a CVSS score of 5.0 (MEDIUM). OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by levera...
How severe is CVE-2015-7713?
CVE-2015-7713 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7713?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.