CVE-2015-7713

EUVD-2022-2743
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
openstacknova
2014.2 ≤
𝑥
< 2014.2.4
openstacknova
2015.1.0 ≤
𝑥
< 2015.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nova
bookworm
2:26.2.2-1~deb12u3
fixed
bookworm (security)
2:26.2.2-1~deb12u3
fixed
bullseye
2:22.0.1-2+deb11u1
fixed
bullseye (security)
2:22.4.0-1~deb11u5
fixed
jessie
no-dsa
sid
2:30.0.0-1
fixed
trixie
2:30.0.0-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nova
precise
ignored
trusty
Fixed 1:2014.1.5-0ubuntu1.7
released
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2015-2684.html
http://www.securityfocus.com/bid/76960
https://access.redhat.com/errata/RHSA-2015:2673
https://bugs.launchpad.net/nova/+bug/1491307
https://bugs.launchpad.net/nova/+bug/1492961
https://security.openstack.org/ossa/OSSA-2015-021.html
http://rhn.redhat.com/errata/RHSA-2015-2684.html
http://www.securityfocus.com/bid/76960
https://access.redhat.com/errata/RHSA-2015:2673
https://bugs.launchpad.net/nova/+bug/1491307
https://bugs.launchpad.net/nova/+bug/1492961
https://security.openstack.org/ossa/OSSA-2015-021.html