Denial of Service Vulnerability in OpenStack Compute by OpenStack
CVE-2015-3280

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
26 October 2015

Summary

The OpenStack Compute (nova) component prior to versions 2014.2.4 and 2015.1.2 contains a vulnerability that permits remote authenticated users to manipulate the lifecycle of compute instances. By failing to properly remove instances during the resizing process, users can exploit this flaw to fill available disk space, leading to performance degradation and service unavailability.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.