CVE-2015-2687

4.7MEDIUM

Key Information

Vendor: Openstack
Status: Compute
Vendor: CVE Published:; 9 August 2017

Summary

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

References

http://www.openwall.com/lists/oss-security/2015/03/24/10

mailing-listx_refsource_MLIST

https://review.openstack.org/#/c/338929/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/77505

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2017
Vulnerability Reserved
Mar 24, 2015

Collectors

NVD DatabaseMitre Database