Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05N2Z2LTIyaGMtbXJnas4AAabL

OpenStack Compute (Nova) Improper Access Control

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

Permalink: https://github.com/advisories/GHSA-97fv-22hc-mrgj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05N2Z2LTIyaGMtbXJnas4AAabL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 5 months ago

CVSS Score: 4.7
CVSS vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-97fv-22hc-mrgj, CVE-2015-2687
References:

Repository: https://github.com/openstack/nova
Blast Radius: 7.5

Affected Packages

pypi:nova

Dependent packages: 0
Dependent repositories: 40
Downloads: 7,869 last month
Affected Version Ranges: < 15.0.0.0b1
Fixed in: 15.0.0.0b1
All affected versions:
All unaffected versions: 15.1.5, 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 27.0.0, 27.1.0, 27.2.0, 27.3.0, 27.4.0, 27.5.0, 28.0.0, 28.0.1, 28.1.0, 28.2.0, 28.3.0, 29.0.0, 29.0.1, 29.0.2, 29.1.0, 29.2.0, 30.0.0