Local Permission Bypass in OpenStack Compute by Vendor OpenStack
CVE-2015-2687
4.7MEDIUM
Summary
A vulnerability in OpenStack Compute (nova) allows local users to bypass normal permissions during live migration failures. This flaw permits unauthorized access to virtual machine volumes that should otherwise be restricted. Users can exploit this issue in the Icehouse, Juno, and Havana releases of OpenStack, potentially compromising sensitive data managed within the affected environments.
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved