CVE-2015-7713

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
openstacknova
2014.2 ≤
𝑥
< 2014.2.4
openstacknova
2015.1.0 ≤
𝑥
< 2015.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nova
bullseye
2:22.0.1-2+deb11u1
fixed
jessie
no-dsa
wheezy
no-dsa
bullseye (security)
2:22.4.0-1~deb11u5
fixed
bookworm
2:26.2.2-1~deb12u3
fixed
bookworm (security)
2:26.2.2-1~deb12u3
fixed
sid
2:30.0.0-1
fixed
trixie
2:30.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nova
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
trusty
Fixed 1:2014.1.5-0ubuntu1.7
released
precise
ignored
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2015-2684.html
http://www.securityfocus.com/bid/76960
https://access.redhat.com/errata/RHSA-2015:2673
https://bugs.launchpad.net/nova/+bug/1491307
https://bugs.launchpad.net/nova/+bug/1492961
https://security.openstack.org/ossa/OSSA-2015-021.html
http://rhn.redhat.com/errata/RHSA-2015-2684.html
http://www.securityfocus.com/bid/76960
https://access.redhat.com/errata/RHSA-2015:2673
https://bugs.launchpad.net/nova/+bug/1491307
https://bugs.launchpad.net/nova/+bug/1492961
https://security.openstack.org/ossa/OSSA-2015-021.html