GitHub Advisory DatabaseGHSA-3VX7-XFF6-H2VXOpenStack Nova instance migration process does not stop when instance is deleted
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
82.0%
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
Affected configurations
References
rhn.redhat.com/errata/RHSA-2015-1723.html
rhn.redhat.com/errata/RHSA-2015-1898.html
www.securityfocus.com/bid/75372
access.redhat.com/errata/RHSA-2015:1723
access.redhat.com/errata/RHSA-2015:1898
access.redhat.com/security/cve/CVE-2015-3241
bugzilla.redhat.com/show_bug.cgi?id=1232782
github.com/advisories/GHSA-3vx7-xff6-h2vx
github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
launchpad.net/bugs/1387543
nvd.nist.gov/vuln/detail/CVE-2015-3241
security.openstack.org/ossa/OSSA-2015-015.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
82.0%