Local Permission Bypass in OpenStack Compute by Vendor OpenStack
CVE-2015-2687

4.7MEDIUM

Key Information:

Vendor

Openstack
Status
Compute
Vendor
CVE Published:
9 August 2017

What is CVE-2015-2687?

A vulnerability in OpenStack Compute (nova) allows local users to bypass normal permissions during live migration failures. This flaw permits unauthorized access to virtual machine volumes that should otherwise be restricted. Users can exploit this issue in the Icehouse, Juno, and Havana releases of OpenStack, potentially compromising sensitive data managed within the affected environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2015/03/24/10
mailing-listx_refsource_MLIST
https://review.openstack.org/#/c/338929/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/77505
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.