5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
openstack-nova is vulnerable to authorization bypass. A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
rhn.redhat.com/errata/RHSA-2015-2684.html
www.securityfocus.com/bid/76960
access.redhat.com/errata/RHSA-2015:2673
access.redhat.com/errata/RHSA-2015:2684
access.redhat.com/errata/RHSA-2016:0013
access.redhat.com/errata/RHSA-2016:0017
access.redhat.com/security/cve/CVE-2015-7713
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/nova/+bug/1491307
bugs.launchpad.net/nova/+bug/1492961
bugzilla.redhat.com/show_bug.cgi?id=1190837
bugzilla.redhat.com/show_bug.cgi?id=1269119
rhn.redhat.com/errata/RHSA-2015-2684.html
security.openstack.org/ossa/OSSA-2015-021.html