Vulnerability Details: CVE-2015-7713
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
Products affected by CVE-2015-7713
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7713
0.53%: Probability of exploitation activity in the next 30 days
~74%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7713
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2015-7713
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7713
- http://rhn.redhat.com/errata/RHSA-2015-2684.html
  RHSA-2015:2684 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://bugs.launchpad.net/nova/+bug/1492961
  Bug #1492961 “Security Group Rules not effective immediately” : Bugs : OpenStack Compute (nova) [Third Party Advisory]
- https://bugs.launchpad.net/nova/+bug/1491307
  Bug #1491307 “[OSSA 2015-021] secgroup rules doesn't work for in...” : Bugs : OpenStack Compute (nova) [Third Party Advisory]
- https://security.openstack.org/ossa/OSSA-2015-021.html
  OpenStack Docs: OSSA-2015-021: Nova network security group changes are not applied to running instances [Vendor Advisory]
- https://access.redhat.com/errata/RHSA-2015:2673
  RHSA-2015:2673 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.securityfocus.com/bid/76960
  OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability [Third Party Advisory; VDB Entry]