Lucene search

K

GoogleOSV:GHSA-67RH-9P29-VRXR

HistoryMay 14, 2022 - 1:58 a.m.

OpenStack Compute (Nova) allows remote attackers to bypass intended restriction

2022-05-1401:58:45

Google

osv.dev

3

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.8%

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

CPENameOperatorVersion
novaeq19.0.1
novaeq22.4.0
novaeq18.0.3
novaeq21.1.2
novaeq17.0.9
novaeq17.0.12
novaeq19.2.0
novaeq18.1.0
novaeq26.0.0.0rc2
novaeq18.0.2

Rows per page:

1-10 of 881

References

rhn.redhat.com/errata/RHSA-2015-2684.html

www.securityfocus.com/bid/76960

access.redhat.com/errata/RHSA-2015:2673

access.redhat.com/errata/RHSA-2015:2684

access.redhat.com/errata/RHSA-2016:0013

access.redhat.com/errata/RHSA-2016:0017

access.redhat.com/security/cve/CVE-2015-7713

bugs.launchpad.net/nova/+bug/1491307

bugs.launchpad.net/nova/+bug/1492961

bugzilla.redhat.com/show_bug.cgi?id=1269119

nvd.nist.gov/vuln/detail/CVE-2015-7713

opendev.org/openstack/nova

security.openstack.org/ossa/OSSA-2015-021.html

web.archive.org/web/20200228024902/www.securityfocus.com/bid/76960

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.8%

Related for OSV:GHSA-67RH-9P29-VRXR

prion1 ubuntucve1 cve1 veracode1 redhat4 debiancve1 github1 ibm2 openvas1 nessus1 ubuntu1