OpenStack Compute up to 2014.2.3/2015.1.1 privilege escalation

A vulnerability was found in OpenStack Compute up to 2014.2.3/2015.1.1 (Cloud Software) and classified as critical. An unknown function is affected by this vulnerability. Upgrading to version 2014.2.4 or 2015.1.2 eliminates this vulnerability. A possible mitigation was published 3 years after the disclosure of the vulnerability.

| Field | 19/06/2018 21:07 | 25/06/2022 13:36 | 25/06/2022 13:42 |
| --- | --- | --- | --- |
| type | Cloud Software | Cloud Software | Cloud Software |
| vendor | OpenStack | OpenStack | OpenStack |
| name | Compute | Compute | Compute |
| version | <=2014.2.3/2015.1.1 | <=2014.2.3/2015.1.1 | <=2014.2.3/2015.1.1 |
| cwe | 254 (privilege escalation) | 254 (privilege escalation) | 254 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.5 | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.2 | 7.2 | 7.2 |
| cvss3_vuldb_basescore | 7.5 | 7.5 | 7.5 |
| cvss3_vuldb_tempscore | 7.2 | 7.2 | 7.2 |
| date | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) | 1446076800 (29/10/2015) |
| url | https://security.openstack.org/ossa/OSSA-2015-021.html | https://security.openstack.org/ossa/OSSA-2015-021.html | https://security.openstack.org/ossa/OSSA-2015-021.html |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 2014.2.4/2015.1.2 | 2014.2.4/2015.1.2 | 2014.2.4/2015.1.2 |
| cve | CVE-2015-7713 | CVE-2015-7713 | CVE-2015-7713 |
| cve_nvd_published | 1446076800 | 1446076800 | 1446076800 |
| cve_nvd_summary | OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. |
| securityfocus | 76960 | 76960 | 76960 |
| securityfocus_title | OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability | OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability | OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability |
| vulnerabilitycenter | 55380 | 55380 | 55380 |
| vulnerabilitycenter_title | OpenStack Compute Remote Security Bypass due to Improper Changes in Security Group | OpenStack Compute Remote Security Bypass due to Improper Changes in Security Group | OpenStack Compute Remote Security Bypass due to Improper Changes in Security Group |
| vulnerabilitycenter_severity | Medium | Medium | Medium |
| vulnerabilitycenter_creationdate | 1450828800 | 1450828800 | 1450828800 |
| vulnerabilitycenter_lastupdate | 1510617600 | 1510617600 | 1510617600 |
| vulnerabilitycenter_reportingdate | 1444003200 | 1444003200 | 1444003200 |
| nessus_risk | High | High | High |
| nessus_type | local | local | local |
| nessus_date | 1507766400 (12/10/2017) | 1507766400 (12/10/2017) | 1507766400 (12/10/2017) |
| qualys_id | 196940 | 196940 | 196940 |
| qualys_title | Ubuntu Security Notification for Nova Vulnerabilities (USN-3449-1) | Ubuntu Security Notification for Nova Vulnerabilities (USN-3449-1) | Ubuntu Security Notification for Nova Vulnerabilities (USN-3449-1) |
| seealso | 77648 78886 80188 80285 82258 92502 | 77648 78886 80188 80285 82258 92502 | 77648 78886 80188 80285 82258 92502 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| reaction_days | 713 | 713 | 713 |
| exposure_days | 713 | 713 | 713 |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | N | N | N |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | N | N | N |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | H | H | H |
| confirm_url | https://bugs.launchpad.net/nova/+bug/1491307 | https://bugs.launchpad.net/nova/+bug/1491307 | https://bugs.launchpad.net/nova/+bug/1491307 |
| date | 1507680000 (11/10/2017) | 1507680000 (11/10/2017) | 1507680000 (11/10/2017) |
| cve_assigned | 1444089600 (06/10/2015) | 1444089600 (06/10/2015) | 1444089600 (06/10/2015) |
| securityfocus_date | 1444003200 (05/10/2015) | 1444003200 (05/10/2015) | 1444003200 (05/10/2015) |
| securityfocus_class | Design Error | Design Error | Design Error |
| nessus_id | 103812 | 103812 | 103812 |
| nessus_name | Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1) | Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1) | Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1) |
| nessus_filename | ubuntu_USN-3449-1.nasl | ubuntu_USN-3449-1.nasl | ubuntu_USN-3449-1.nasl |
| nessus_family | Ubuntu Local Security Checks | Ubuntu Local Security Checks | Ubuntu Local Security Checks |
| openvas_id | 841810 | 841810 | 841810 |
| openvas_filename | gb_ubuntu_USN_3449_1.nasl | gb_ubuntu_USN_3449_1.nasl | gb_ubuntu_USN_3449_1.nasl |
| openvas_title | Ubuntu Update for nova USN-3449-1 | Ubuntu Update for nova USN-3449-1 | Ubuntu Update for nova USN-3449-1 |
| openvas_family | Ubuntu Local Security Checks | Ubuntu Local Security Checks | Ubuntu Local Security Checks |

identifier: RHSA-2015:2673, USN-3449-1
cvss2_nvd_basescore: 5.0, 5.0
