CVE-2015-7713

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Implementation Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2015-3241, CVE-2015-3280, CVE-2015-5162, CVE-2015-7548, CVE-2015-8749, CVE-2016-2140

Published on 29/10/15 - Updated on 16/11/18

Description

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Category: Implementation Error

CWE-254 (Security Features)
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Security Notices

US National Vulnerability DatabaseCVE-2015-7713
Ubuntu USN-3449-1

Exploits

SecurityFocusBID-76960

Relative technologies

No affected technologies published yet by authorities.

Share this vulnerability with:

Twitter Facebook LinkedIn Mail