Security Flaw in OpenStack Compute (Nova) by OpenStack
CVE-2015-7713

Currently unrated

Key Information:

Vendor: Openstack
Status: Nova
Vendor: CVE Published:; 29 October 2015

Summary

A flaw in OpenStack Compute (Nova) versions prior to 2014.2.4 and 2015.1.2 allows remote attackers to exploit security group changes. This vulnerability enables attackers to bypass intended network restrictions by leveraging instances that were operational during the modification of security settings. As a result, unauthorized access could potentially be gained, compromising the security of the affected environment.

References

http://www.securityfocus.com/bid/76960

vdb-entryx_refsource_BID

https://bugs.launchpad.net/nova/+bug/1491307

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2015:2673

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Oct 29, 2015
Vulnerability Reserved
Oct 6, 2015