Local Permission Bypass in OpenStack Compute by Vendor OpenStack
CVE-2015-2687

4.7MEDIUM

Key Information:

Vendor

Openstack
Status
Compute
Vendor
CVE Published:
9 August 2017

What is CVE-2015-2687?

A vulnerability in OpenStack Compute (nova) allows local users to bypass normal permissions during live migration failures. This flaw permits unauthorized access to virtual machine volumes that should otherwise be restricted. Users can exploit this issue in the Icehouse, Juno, and Havana releases of OpenStack, potentially compromising sensitive data managed within the affected environments.

References

http://www.openwall.com/lists/oss-security/2015/03/24/10
mailing-listx_refsource_MLIST
https://review.openstack.org/#/c/338929/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/77505
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.