Lucene search

K
githubGitHub Advisory DatabaseGHSA-67RH-9P29-VRXR
HistoryMay 14, 2022 - 1:58 a.m.

OpenStack Compute (Nova) allows remote attackers to bypass intended restriction

2022-05-1401:58:45
GitHub Advisory Database
github.com
16
openstack
nova
security restriction

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.005

Percentile

77.2%

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Affected configurations

Vulners
Node
novanovaRange<2015.1.2
OR
novanovaRange<2014.2.4

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.005

Percentile

77.2%