Denial of Service Vulnerability in OpenStack Compute by OpenStack
CVE-2015-3280

Currently unrated

Key Information:

Vendor: Openstack
Status: Nova
Vendor: CVE Published:; 26 October 2015

What is CVE-2015-3280?

The OpenStack Compute (nova) component prior to versions 2014.2.4 and 2015.1.2 contains a vulnerability that permits remote authenticated users to manipulate the lifecycle of compute instances. By failing to properly remove instances during the resizing process, users can exploit this flaw to fill available disk space, leading to performance degradation and service unavailability.

References

http://rhn.redhat.com/errata/RHSA-2015-1898.html

vendor-advisoryx_refsource_REDHAT

https://launchpad.net/bugs/1392527

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulleti...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Apr 10, 2015

Openstack

What is CVE-2015-3280?

References

Timeline