CVE-2015-2687
MEDIUM4.7EPSS 0.05%OpenStack Compute (Nova) Improper Access Control
Published: 5/17/2022Modified: 4/28/2026
Description
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
Affected packages (3)
- Debian/novafrom 0, < 2014.1-1
- PyPI/novafrom 0, < 15.0.0.0b1
- PyPI/novafrom 0, < 15.0.0.0b1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM4.7 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (12)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-2687
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-2687
- ADVISORYhttp://www.securityfocus.com/bid/77505
- PATCHhttps://github.com/openstack/nova
- WEBhttps://bugs.launchpad.net/nova/+bug/1419577
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1205313
- WEBhttps://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml
- WEBhttps://review.openstack.org/#/c/338929
- WEBhttps://review.openstack.org/#/c/338929/
- WEBhttp://www.openwall.com/lists/oss-security/2015/03/24/10
- WEBhttp://www.openwall.com/lists/oss-security/2015/03/25/3