CVE-2015-7713: OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
(updated )
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
References
- rhn.redhat.com/errata/RHSA-2015-2684.html
- access.redhat.com/errata/RHSA-2015:2673
- access.redhat.com/errata/RHSA-2015:2684
- access.redhat.com/errata/RHSA-2016:0013
- access.redhat.com/errata/RHSA-2016:0017
- access.redhat.com/security/cve/CVE-2015-7713
- bugs.launchpad.net/nova/+bug/1491307
- bugs.launchpad.net/nova/+bug/1492961
- bugzilla.redhat.com/show_bug.cgi?id=1269119
- github.com/advisories/GHSA-67rh-9p29-vrxr
- nvd.nist.gov/vuln/detail/CVE-2015-7713
- security.openstack.org/ossa/OSSA-2015-021.html
- web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
Code Behaviors & Features
Detect and mitigate CVE-2015-7713 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →