GitHub Advisory DatabaseGHSA-97FV-22HC-MRGJOpenStack Compute (Nova) Improper Access Control
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
Affected configurations
References
www.openwall.com/lists/oss-security/2015/03/24/10
www.openwall.com/lists/oss-security/2015/03/25/3
www.securityfocus.com/bid/77505
bugs.launchpad.net/nova/+bug/1419577
bugzilla.redhat.com/show_bug.cgi?id=1205313
github.com/advisories/GHSA-97fv-22hc-mrgj
github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
nvd.nist.gov/vuln/detail/CVE-2015-2687
review.openstack.org/#/c/338929
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%