CVE-2015-7713

CWE-254CWE-28510 documents8 sources
Severity
5.0MEDIUM
EPSS
1.5%
top 18.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedOct 29
Latest updateMay 14

Description

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDopenstack/nova2014.22014.2.4+1
PyPInova2015.1.02015.1.2+1
Debiannova< 1:12.0.0-2+3

🔴Vulnerability Details

4
GHSA
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction2022-05-14
OSV
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction2022-05-14
OSV
CVE-2015-7713: OpenStack Compute (Nova) before 20142015-10-29
CVEList
CVE-2015-7713: OpenStack Compute (Nova) before 20142015-10-29

📋Vendor Advisories

3
Ubuntu
OpenStack Nova vulnerabilities2017-10-11
Red Hat
openstack-nova: network security group changes are not applied to running instances2015-10-05
Debian
CVE-2015-7713: nova - OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (ki...2015

💬Community

2
Bugzilla
CVE-2015-7713 openstack-nova: network security group changes are not applied to running instances2015-10-06
Bugzilla
CVE-2015-7713 openstack-nova: network security group changes are not applied to running instances [fedora-all]2015-10-06
CVE-2015-7713 (MEDIUM CVSS 5) | OpenStack Compute (Nova) before 201 | cvebase.io