CVE-2015-7713 – nova

Package

Manager: pip
Name: nova
Vulnerable Version: >=0 <2014.2.4 || >=2015.1.0 <2015.1.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01522 pctl0.80579

Details

OpenStack Compute (Nova) allows remote attackers to bypass intended restriction OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Metadata

Created: 2022-05-14T01:58:45Z
Modified: 2023-02-08T18:12:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-67rh-9p29-vrxr/GHSA-67rh-9p29-vrxr.json
CWE IDs: []
Alternative ID: GHSA-67rh-9p29-vrxr
Finding: F115
Auto approve: 1