MEDIUM

GHSA-67rh-9p29-vrxr

OpenStack Compute (Nova) allows remote attackers to bypass intended restriction

상세

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / nova

최초 영향 버전: 0 수정 버전: 2014.2.4

수정 pip install --upgrade 'nova>=2014.2.4'

PyPI / nova

최초 영향 버전: 2015.1.0 수정 버전: 2015.1.2

수정 pip install --upgrade 'nova>=2015.1.2'

참고

https://nvd.nist.gov/vuln/detail/CVE-2015-7713 [ADVISORY]
https://access.redhat.com/errata/RHSA-2015:2673 [WEB]
https://access.redhat.com/errata/RHSA-2015:2684 [WEB]
https://access.redhat.com/errata/RHSA-2016:0013 [WEB]
https://access.redhat.com/errata/RHSA-2016:0017 [WEB]
https://access.redhat.com/security/cve/CVE-2015-7713 [WEB]
https://bugs.launchpad.net/nova/+bug/1491307 [WEB]
https://bugs.launchpad.net/nova/+bug/1492961 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=1269119 [WEB]
https://opendev.org/openstack/nova [PACKAGE]
https://security.openstack.org/ossa/OSSA-2015-021.html [WEB]
https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960 [WEB]
http://rhn.redhat.com/errata/RHSA-2015-2684.html [WEB]
http://www.securityfocus.com/bid/76960 [WEB]