Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05N2Z2LTIyaGMtbXJnas4AAabL
OpenStack Compute (Nova) Improper Access Control
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
Permalink: https://github.com/advisories/GHSA-97fv-22hc-mrgjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05N2Z2LTIyaGMtbXJnas4AAabL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 6 months ago
CVSS Score: 4.7
CVSS vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-97fv-22hc-mrgj, CVE-2015-2687
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-2687
- https://bugs.launchpad.net/nova/+bug/1419577
- https://bugzilla.redhat.com/show_bug.cgi?id=1205313
- http://www.openwall.com/lists/oss-security/2015/03/24/10
- http://www.openwall.com/lists/oss-security/2015/03/25/3
- http://www.securityfocus.com/bid/77505
- https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
- https://review.openstack.org/#/c/338929
- https://github.com/advisories/GHSA-97fv-22hc-mrgj
Blast Radius: 7.5
Affected Packages
pypi:nova
Dependent packages: 0Dependent repositories: 40
Downloads: 7,869 last month
Affected Version Ranges: < 15.0.0.0b1
Fixed in: 15.0.0.0b1
All affected versions:
All unaffected versions: 15.1.5, 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 27.0.0, 27.1.0, 27.2.0, 27.3.0, 27.4.0, 27.5.0, 27.5.1, 28.0.0, 28.0.1, 28.1.0, 28.2.0, 28.3.0, 29.0.0, 29.0.1, 29.0.2, 29.1.0, 29.2.0, 30.0.0