Rapid7 Vulnerability & Exploit Database

Ubuntu: USN-3449-1 (CVE-2015-7713): OpenStack Nova vulnerabilities

Back to Search

Ubuntu: USN-3449-1 (CVE-2015-7713): OpenStack Nova vulnerabilities

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
10/29/2015
Created
07/25/2018
Added
10/11/2017
Modified
10/11/2017

Description

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Solution(s)

  • ubuntu-upgrade-python-nova

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;